Stay up to date with the latest news & comments from Sutcliffe & Co

5 Reasons why Cyber Underinsurance or Uninsurance is concerning

There are many changes happening in the world of cyber and it is vital that businesses keep up with these and ensure they are properly protected. Cyber underinsurance or uninsurance is a real concern and this needs to be addressed by businesses to remain fully protected against more sophisticated cyber attacks, increased digitalisation within companies and cyber skills shortages.

We look at the 5 cyber changes that are affecting businesses.

1. Sophisticated attacker methods – criminals invest more time to get to know their target. Rather than just encrypting data where ransomware and backups were a viable solution, they are stealing data and threatening to publish it. These new methods require much more in the way of investigation and remediation. When this happens there are additional considerations that need to be taken, such as reporting and notification requirements under legislation such as the Data Protection Act 2018 / GDPR.
2. Increased digitisation – The pandemic changed the way many businesses worked, with many turning to the digital arena to continue working. Remote working and hybrid teams were quickly established, online meetings became the norm and selling online grew. Although the digital world meant that business carried on, it also meant that any disruption to systems may have a greater impact than the same incident in an analogue world.
3. Cyber skills shortage – as technological systems become more sophisticated and the type of cyber attacks that companies are now facing, there is a particular skill set that will be required to investigate and remediate cyber attacks, in particular IT forensics. Many companies do not have access to these skills and certainly, SMEs will not have them retained in-house so are reliant on outsourced support. Unfortunately, there are still not that many service providers that can support so many businesses.
4. Setting the right limits – The result of everything previously discussed is that even the smallest of companies could see a cyber attack incident costing tens or hundreds of thousands of pounds. Larger company’s costs could be running into millions of pounds. It is therefore important that companies select a limit that is based on an actual assessment or calculation which sets the right amount based on the cyber risk for the business. This will ensure that they have a realistic limit that is sufficient to fully indemnify them and are not left exposed.

It should be noted that cyber insurance typically doesn’t come with an average clause, so the impact on attritional claims isn’t as marked as it is in property policies.

5. Understanding the risks – Adequacy of limit as discussed above is one element of underinsurance however, the biggest challenge to Cyber remains uninsurance.

According to the 2022 DCMS Cyber Security Breaches survey, only 38% of businesses say that they have cyber insurance. Those with a specific and stand-alone cyber policy are only a concerning 5%. These statistics are worrying and highlight a wider issue: not only do customers not have the right level of cover but they don’t understand what cover they actually have in place.

This is particularly pertinent given the insurance industry’s efforts to remove ‘silent cyber’ cover from non-specific cyber policies or sections over the last 24 months.

Keeping abreast of the challenges and changes that cyber issues bring to businesses is vital to remain properly protected.  Having the right level of cyber insurance will play a large part in this. To discuss your cyber protection with a specialist adviser please get in touch with us on 01905 21681 or email Enquiries@sutcliffeinsurance.co.uk.