London calling: The ‘global center’ for cyber risk management?

By Todd M. Rowe on March 25, 2015

USA-UK-flagsOn March 23 Marsh and the UK Government released a Report titled: UK Cyber Security The Role of Insurance In Managing And Mitigating The Risk. 

The Marsh report is stated to be “the result of close working between the Government and the insurance sector” in the UK and is intended to address the role insurers can play in reducing cyber risk.

This report places a unique perspective on how the insurance industry can help mitigate cyber threats and risks. It provides further perspective as the US Government and insurance industry struggle with insurance coverage for cyber threats and risks. For example, on March 19, 2015 the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security held a hearing titled “Examining the Evolving Cyber Insurance Marketplace.”

The Marsh report first examines legitimate concerns over estimates that cyber insurance costs approximately three times more than general liability and six times more than property insurance. While acknowledging costs may be higher for cyber insurance as research and modeling develops, the report addresses other economic benefits provided by cyber insurance which include:

  • Insurance creates incentives to create safeguards against cyber threats. “Insurance places a cost on firms’ cyber risk through the premium they pay, and the prospect of a reduced premium then encourages firms to take steps to mitigate the risk.”
  • Insurers gather information and gain a better understanding of cyber threats. “Insurance goes arm-in-arm with loss prevention. Insurers will help firms reduce their losses by providing insight from claims and near misses across their client base.”
  • Insurers offer their collective experience to combat cyber threats. “Insurers bring their knowledge and experience of more established risks that can be applied to cyber.”

The report provides an interesting perspective on differences between the insurance markets in the US from those in the UK.

 Insurers tend to conflate cyber with data breach given the well-developed demand for that cover driven by US regulation.

Commentators are already suggesting that the partnership between the Government and UK insurance companies may fill a gap caused by the lack of the public breach notification system found in the US. Further, the report indicates there are “broader concerns” in the UK including business interruption, damage to property and theft of intellectual property which the US system does not properly address.

Cyber risk management may provide “an export opportunity for London.” Specifically, the report states the “London market is well positioned to compete for large and complex risks, and over time has provided innovative solutions for new threats.” The sector “is demonstrating that the UK is the natural home for a growing global cyber insurance market,” it continues.

The volatility in pricing in 2014 for cyber insurance is expected to continue in 2015. Therefore, in cyber insurance’s  emerging stages it is easy to question whether it is necessary. Some are already dismissing cyber insurance merely because there was no need, thankfully, for Y2K insurance.

However, as Marsh’s report demonstrates, the UK is taking cyber insurance seriously and is hoping to make London the “global center” for cyber risk management. Therefore, it will be important to monitor developments in the UK and question whether our system, driven by breach notification laws, is developing at a pace sufficient to respond to this risk.

Todd M. Rowe is an attorney in the Chicago office of Tressler LLP. He focuses his practice in insurance coverage representing specialty, property and commercial lines insurers in litigation and non-litigation disputes. He also regularly provides guidance on issues related to policy analysis and drafting and claims handling procedures. Todd has actively practiced in Wisconsin, Michigan and Illinois and has been involved in a number of insurance coverage matters in various other states.