On March 23 Marsh and the UK Government released a Report titled: UK Cyber Security The Role of Insurance In Managing And Mitigating The Risk.
The Marsh report is stated to be “the result of close working between the Government and the insurance sector” in the UK and is intended to address the role insurers can play in reducing cyber risk.
This report places a unique perspective on how the insurance industry can help mitigate cyber threats and risks. It provides further perspective as the US Government and insurance industry struggle with insurance coverage for cyber threats and risks. For example, on March 19, 2015 the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security held a hearing titled “Examining the Evolving Cyber Insurance Marketplace.”
The Marsh report first examines legitimate concerns over estimates that cyber insurance costs approximately three times more than general liability and six times more than property insurance. While acknowledging costs may be higher for cyber insurance as research and modeling develops, the report addresses other economic benefits provided by cyber insurance which include:
The report provides an interesting perspective on differences between the insurance markets in the US from those in the UK.
Insurers tend to conflate cyber with data breach given the well-developed demand for that cover driven by US regulation.
Commentators are already suggesting that the partnership between the Government and UK insurance companies may fill a gap caused by the lack of the public breach notification system found in the US. Further, the report indicates there are “broader concerns” in the UK including business interruption, damage to property and theft of intellectual property which the US system does not properly address.
Cyber risk management may provide “an export opportunity for London.” Specifically, the report states the “London market is well positioned to compete for large and complex risks, and over time has provided innovative solutions for new threats.” The sector “is demonstrating that the UK is the natural home for a growing global cyber insurance market,” it continues.
The volatility in pricing in 2014 for cyber insurance is expected to continue in 2015. Therefore, in cyber insurance’s emerging stages it is easy to question whether it is necessary. Some are already dismissing cyber insurance merely because there was no need, thankfully, for Y2K insurance.
However, as Marsh’s report demonstrates, the UK is taking cyber insurance seriously and is hoping to make London the “global center” for cyber risk management. Therefore, it will be important to monitor developments in the UK and question whether our system, driven by breach notification laws, is developing at a pace sufficient to respond to this risk.