Market Research Logo

UK Cyber Insurance 2017

UK Cyber Insurance 2017

Summary

UK Cyber Insurance market is growing over time. Product penetration is increasing as businesses are becoming more aware of the need for cyber insurance in a world where they are dependent on the digital space and crime is moving online. All businesses are vulnerable and require cyber insurance, regardless of size or industry. While there is a large opportunity for insurance providers to increase product penetration and grow their commercial books, they must be cautious due to the unknown exposure and scale of cyber risk. Cyber Insurance is still developing its place within commercial insurance portfolios.

Businesses should be focusing on improving their cyber security, aiming to prevent breaches to protect customer data. While cyber insurance itself cannot prevent breaches, it has become an important tool in helping organizations recover from attacks and mitigate the impact on business continuity in all aspects of trade and reputation. Providers should promote cyber security, as increasing claims frequency and severity would put pressure on market profitability.

It is estimated that fraud and cyber offenses make up 47.3% of all crime according to the Crime Survey of England and Wales conducted by the Office for National Statistics (ONS). Cyber insurance penetration is increasing. 13.7% of UK SMEs held cyber insurance in 2016, compared to 2.1% in 2014. The average total organizational cost of a data breach is increasing. In the UK it rose by 14.5% from $3.45m to $3.95m from 2014 to 2016 according to the Ponemon Institute.

The report “UK Cyber Insurance 2017” discusses the growing need for cyber insurance and highlights product uptake among UK businesses. It explores how cyber insurance fits within a commercial insurance portfolio and examines the products offered by key market players. It demonstrates how the insurance sector can help improve understanding of cyber insurance, and how insurers and brokers can help promote the adoption of good practice to reduce the frequency and cost of breaches. The report will also discuss the most significant market developments over the past 12 months and how the sector is likely to develop in the future in reference to new initiatives and regulation.

Companies mentioned in this report: AIG, Zurich, Aviva, Hiscox

Scope

  • It is estimated that fraud and cyber offenses make up 47.3% of all crime according to the Crime Survey of England and Wales conducted by the Office for National Statistics.
  • Cyber insurance penetration is increasing. 13.7% of UK SMEs held cyber insurance in 2016, compared to 2.1% in 2014.
  • The average total organizational cost of a data breach is also increasing. In the UK it rose by 14.5% from $3.45m in 2014 to $3.95m in 2016 according to the Ponemon Institute.
Reasons to buy
  • Gain a better understanding of the need for cyber insurance among UK businesses.
  • Understand how cyber insurance fits within the commercial insurance space and how it is likely to evolve over time.
  • Discover how regulation and new government initiatives will impact the market.


  • Executive Summary
    • The UK cyber insurance market is still evolving
    • Key findings
    • Critical success factors
  • The Growing Need for Cyber Insurance
    • Introduction
    • Cybercrime is becoming an increasing risk for businesses
      • The rise of digital for businesses has grown the opportunity for cyber-criminals
      • Crime is moving online
        • Table Figure 1: Fraud and cyber offenses make up nearly half of crime in England and Wales
        • Table Figure 2: Bank and credit account fraud is the most common type of online crime
      • The full extent of cybercrime is hard to assess
      • There are a broad range of cyber risk characteristics
        • Table Figure 3: The taxonomy of cyber risk for businesses
    • All businesses are vulnerable to cybercrime
      • Cybercriminals are targeting large businesses and SMEs
      • Cyber insurance penetration is increasing over time
        • Table Figure 4: The percentage of UK SMEs holding cyber insurance has risen significantly in recent years
        • Table Figure 5: Cyber insurance has the lowest uptake of all commercial products among UK SMEs
      • Cyber insurance uptake is low for small businesses, despite them being vulnerable
        • Table Figure 6: Uptake of cyber insurance increases with business size
        • Table There are 5.2 million SMEs without cyber insurance in the UK, 96.4% of which are micro-sized
      • All industries that hold valuable customer information are at risk
      • Cyber insurance penetration varies by industry
        • Table Figure 7: Mining, electricity, gas and water supply services have the highest uptake of cyber insurance
      • Businesses are at risk no matter how sophisticated their cyber security system
        • Table Figure 8: Cyber risks are a key concern for UK SMEs
      • Many of the main business concerns for SMEs are cyber-related
        • Table Figure 9: Cyber risks are a business concern for UK SMEs
    • There have been many recent high-profile cyber-attacks
      • TalkTalk was fined £400,000 by the ICO for failing to protect customer data
      • Yahoo disclosed two large-scale breaches at the end of 2016
      • The largest NHS trust was targeted by a ransomware attack in early 2017
  • Cyber Insurance within the Commercial Market
    • Cyber insurance is still evolving as a product
      • Cyber insurance is still finding its place in the commercial insurance market
      • The debate between standalone and add-on cyber insurance products
      • The risk of add-on cyber insurance products leaving businesses with gaps in cover
      • Understanding of cyber insurance is increasing
        • Table Figure 10: Over half of UK SMEs now think cyber insurance is easy to understand
      • Brokers play an important role in the distribution of cyber insurance
        • Table Figure 11: Almost half of UK SMEs purchasing cyber insurance did so through a broker
        • Table Figure 12: Nearly 50% of UK brokers trade cyber insurance
    • A number of insurers provide cyber insurance
      • AIG's CyberEdge PC policy is flexible and designed to complement existing cover
        • Table Figure 13: AIG's CyberEdge PC fills gaps in other commercial cover
      • Aviva targets the small and mid-market with a bolt-on cyber product
      • Hiscox offers a standalone cyber and data risk insruance policy directly online
        • Table Figure 14: Hiscox allows SMEs to build their own insurance portfolio directly online
      • Zurich has a global focus for its product and associated breach response service
    • The claims landscape is constantly evolving with cyberspace
      • Hackers are exploiting the human element when targeting businesses
      • There has been a rise in ransomware attacks
      • Cyber risk is moving beyond data privacy issues
      • The organizational costs of data breaches are on an upward trend
        • Table Figure 15: The average per capita cost of a data breach remained steady between 2014 to 2016
        • Table Figure 16: The total cost from data breaches is increasing over time for organizations
      • Healthcare experiences the highest severity of claims
        • Table Figure 17: The per capita cost of a data breach is highest in the healthcare industry
      • Third-party involvement is the largest factor that increases per capita cost
        • Table Figure 18: Third-party involvement and use of the cloud adds the largest costs to data breaches
  • The Future of Cyber Insurance and Security
    • The cyber insurance market will continue to grow
      • Preventing attacks should be a focus for businesses, but cyber cover is still essential
      • Insurers have an opportunity to help businesses reduce their cyber risk
    • The UK government is committed to tackling cybercrime
      • Cyber Essentials allows businesses to certify they are cybersecurity conscious
      • GCHQ has published a 10-step guide to help businesses protect themselves
        • Table Figure 19: The CESG has developed a 10-step guide to help businesses establish cyber security
        • Table Figure 20: The CESG has developed a guide to help businesses understand common cyber attacks
      • The UK government is investing £1.9bn in a new National Cyber Security Strategy
    • The EU's GDPR will come into force in 2018, and will modernize data protection
      • The definition of what constitutes personal data has expanded
      • The directive will apply to anyone handling the data of EU citizens
      • Data processors will be subject to regulation
      • Those subject to regulation will need to show accountability
      • Customers have stronger rights when it comes to consent
      • Data breaches must be notified
      • Businesses may need to appoint a DPO
      • Regulation will be heavily enforced by large fines and frequent audits
      • The GDPR is expected to grow the cyber insurance market
      • The GDPR will drive better cyber security and help insurers model cyber risk
    • Cyber insurance will expand into personal lines
      • Cyber exposure for individuals has grown with the Internet of Things
      • Individuals are vulnerable to being targeted with cybercrime
      • AXA offers personal cyber insurance in France
  • Appendix
    • Abbreviations and acronyms
    • Methodology
      • Primary and secondary research
      • GlobalData's UK SME Insurance Survey
      • GlobalData's UK Commercial Broker Survey
    • Bibliography
    • Further reading

Download our eBook: How to Succeed Using Market Research

Learn how to effectively navigate the market research process to help guide your organization on the journey to success.

Download eBook

Share this report