16/04/2015
Cyber security is a prominent issue currently preoccupying the business world. There is a realisation that rather than just being a “tech industry issue” it has the potential to be an issue for all.
Whilst recent statistics show that 81% of large businesses and 60% of small businesses suffered a security breach in 2014, not only do many business leaders not know that insurance has the potential to cover cyber risks, only 2% of large firms have explicit cyber cover and 0% of small firms have any such cover.
For this reason, in March 2015, HM Government released a report (which provided the above statistics) on the threat of cyber security to UK businesses and the role of insurance in managing and mitigating the risk.
The report highlights how cyber-attacks occur, whether by attacking vulnerabilities in the IT infrastructure or by attacking the vulnerability in the human capital of the business through ‘social engineering techniques (such as phishing)’ in order to obtain personal credentials that will provide access to target IT systems. It also goes on to point out the potential damage caused, from IP theft (generally the biggest fear of the larger firms) to physical personal harm, which is an increasing concern given the increasing interconnectedness of everyday life through the Internet of Things. The most talked about source of damage is, however, reputational damage. One does not have to cast one’s mind too far back to remember two global online video platforms that were attacked by ‘hacktivists’, causing outrage, huge costs to the businesses and a severe drop in confidence in the respective companies.
A key focus of the report is the increasing importance of the role of insurance and how it not only may financially protect a business after an attack, but how it can also motivate and assist in businesses proactively avoiding becoming the victim of such malicious incursions to their virtual environment and intellectual property.
Issues for businesses…
The report outlines how firms can “get to grips with cyber risk”, as many businesses are unaware of how to initiate change in implementing cyber security management. With this in mind, the Government has launched a Cyber Essentials scheme to assist businesses in this respect. It was noted that cyber-attacks can be ‘rapid, highly damaging, and public, potentially leading to a vicious cycle of declining investor and customer confidence and therefore cash availability’ and as such, businesses need to consider a risk management system overhaul reflecting the dynamic and fast-paced nature of cyber security, including the implementation of appropriate insurance cover.
The value of insurance…
Three hypotheses were outlined which briefly underlined the value in insurance to companies:
Businesses should also be encouraged to perceive good cyber-security as an additional “selling point” as well as a risk-limiting necessity.
From the report, it is clear to see that the Government is keen to convey that the UK has world-leading cyber security expertise and services.
Issues for insurers…
The report goes on to highlight that insurers themselves have much to do in assisting businesses. Many businesses do not regard insurance as a necessity or a tool to combat cyber-attacks and those who do, do not have the cover they believe they have. Much of this is down to the insurers themselves. Unclear pricing methods may lead to little understanding of the value of insurance from the business’ point of view. Furthermore, insurance contracts are complex and laborious and inevitably include many disclaimers and exclusions.
Pricing problems…
A question that arises often is the quantification of the risk. Identifying how sources of funding will respond to the impact of a cyber-attack is vital to the liquidity of a business. If businesses focus solely on the absolute loss (the more traditional method), although this will be important in the long run of the business, it will not be so relevant in a cash crisis.
Added to this, little price differentiation across firms and premiums set at three times the amount of those for other business-disruptive disasters undermine the confidence businesses have in the pricing strategies of the insurers, due to the perception that the insurers cannot adequately calculate the risks. This may result in complacency on the part of the businesses.
An issue for the insurers is the lack of data gathered about cyber damage resulting in less information upon which they can set their prices. This comes not only from the nascent characteristic of the cyber problem but also from the problem of non-reporting by the businesses who do fall victim to cyber-attacks.
Initiatives driven by the Government, the Association of British Insurers and Lloyd’s, as well as EU initiatives, are underway to address these concerns in order to help insurers clarify their policies and develop adequate data and insight exchanges with the aim of helping insurers provide appropriate cover.
So what about the insurance policies on offer…
As mentioned previously, the complexity of the policies offered by the insurers has the potential to be a hindrance to full-scale take up of cyber insurance. The report highlights that common gaps in traditional insurance policies can include:
The report states that it is a necessary response for insurers to develop tailor-made and dedicated policies that address the key risk factors of the clients, whether these be bolt-on policies or stand-alone policies. It has been suggested that the insurers should provide a ‘statement of cyber assurance’ which would outline precisely what the policy covers and what it does not.
The role of the UK…
The UK is rapidly cementing itself as being at the forefront of all things tech. This has been confirmed by the newly appointed White House CTO, Megan Smith, stating that the US is years behind the UK when it comes to digital tech in government. London, in particular, is emerging as a dominant force in the cyber security-focussed industries due to having the ability to tackle the complexity and the dynamism of the issues faced. Lloyd’s and UK Trade & Investment have collaborated to promote London’s virtues further around the world, including the financial, legal, advisory and technical services that the Capital offers.
Tim Ryan
Max Binney
Information contained in this post does not constitute legal advice and is provided for informational purposes only. Recipients should not act upon it, but should seek legal advice relevant to their own situation.