A recent report by the Association of British Insurers found that a surprising 99 per cent of claims made under cyber insurance policies held by its members were paid in 2018.
Perhaps more surprising are reports that only 207 claims were made in 2018.
Anecdotal evidence tends to show that the number of cyber breaches is growing exponentially, particularly as they become ever-more sophisticated.
The fall-out from cyber breaches can be huge in terms of theft of data and funds, disruption to business, loss of customer trust and costs associated with auditing systems and repairing damage. The damage to reputation caused by these attacks can be substantial, and the fines levied by the Information Commissioner’s Office (ICO) could destroy profit and put firms out of business.
Perhaps the slow start in issuing fines under General Data Protection Regulation has contributed to the relatively low uptake in insurance to cover this type of risk. While the ICO has now had powers for more than a year to impose fines of up to the higher of €20 million (£17.9m) or 4 per cent of global annual turnover, it is only relatively recently that it has started to flex its muscles.
While the cost of purchasing additional insurance is an expense most businesses would prefer to avoid, the take-up in cyber insurance policies has been relatively low given the potential implications of cyber incidents. However, it seems inevitable that firms will need to budget for these types of events given the relentless march of technology and its increasing everyday use.
In particular, the uptake in the use of artificial intelligence presents opportunities for business, but also creates exposure to potential liabilities.
Gordon Taylor, manager of the GS Group, Glasgow branch, believes that funds transfer fraud and distributed denial of service attacks are set to increase. “When purchasing a cyber policy, where such losses can be recouped under the cybercrime section, both insureds and their brokers should ensure that they consider the full range of first and third-party risks that they might face and select an adequate limit accordingly. The dawn of the internet has opened up a world of opportunity for businesses allowing them to reach new markets and increase their revenues. Along with this, however, has come new risks. One of the threats posed to businesses with an online presence are distributed denial of service attacks used by cyber criminals to take down websites.”
While insurance can provide some comfort to the insured, it remains as important as ever to be vigilant and ensure that systems are designed and staff trained to minimise risk where possible. Training of staff remains key and the importance of being able to deal quickly with incidents and mitigate their effect cannot be underestimated.
Lynn Richmond, partner at BTO Solicitors LLP