Brokers urged to deliver cyber threat message

Insurance brokers have been told they have an urgent need to educate their business clients the emerging cyber risks as new research finds a continued low take up for specific cover.

Research by insurer Aviva has found one in five businesses have experienced a cyber-attack or incident in the last year, a figure which highlights the critical role brokers can play in helping businesses improve their cyber protection.

The research which included 1,200 UK businesses of all sizes and industries found that businesses are 67% more likely to have experienced a cyber incident than a physical theft and almost five times as likely to have experienced a cyber attack than a fire.

However the rising threat comes with a growing  protection gap. Aviva said while most businesses have insurance to protect themselves from fire and theft, but just 36% of businesses said they have any form of cyber cover in place. Mid-market businesses are the most likely to have cover in place (51%), followed by large corporates (45%). Less than one in five small businesses (17%) have a cyber insurance policy – and the same proportion (17%) said they were unaware that cyber insurance existed.

“Cyber insurance is not high on businesses’ agendas: just 30% of businesses have reviewed their cyber insurance in the last 12 months, falling to 16% of small businesses. Conversely, 54% of small businesses said they do not intend to review their cyber cover requirements,” the research added.

Despite the relatively low take-up of cyber insurance, 56% of businesses said they are confident in their cyber security. This falls slightly to 49% of small businesses who expressed confidence in their cyber security measures, which is nearly three times the proportion of small businesses that have cyber cover.

“Businesses’ confidence in cyber security is undermined by the fact that only half (51%) of those surveyed said they knew what to do in the event of a cyber attack,” the research added. “This fell to 39% of small businesses who said they knew what to do if they suffered a cyber attack.  Not only does this increase the risk of further damage, it means that businesses also risk being non-compliant with data protection laws. Depending on the seriousness of the incident, businesses may be required to alert the ICO within 72 hours and sometimes also notify impacted individuals. Failure to do so can result in serious consequences, including fines of up to £8.7 million or two per cent of a business’ global turnover (whichever is higher).”

Commenting on the research, Stephen Ridley, Head of Cyber, Aviva, said: “The low take-up of cyber insurance coupled with the relatively high incidence of an attack highlights the serious nature of the cyber risk facing businesses.

“There is a compelling need for brokers to help educate their clients about the evolving risk of cyber and the need for businesses to protect themselves. Our research shows that more businesses suffered a cyber attack than a fire, theft or injury on their premises. Cyber insurance must now be considered as essential as property and liability insurances – and brokers play an integral role in helping their customers close the protection gap. The challenge for insurers and brokers is to work together to engage businesses and ensure that they are protected from this emerging risk.”

Loss of data (54%), a malware attack (46%) and operational disruption (43%) are the three biggest concerns businesses have about a cyber attack. Of those businesses that have experienced an attack, business interruption was a clear theme: 31% of businesses that have suffered a cyber attack said they experienced operational disruption, with a further 21% experiencing data loss and system lockdowns. Such interruptions led to businesses claiming an average of £21,000 per incident, according to Aviva data, although costs can run into the tens or even hundreds of millions of pounds.

Nearly all of those businesses that have experienced a cyber attack (97%) have taken some or all of the necessary actions to improve their cyber security. This near-universal reaction to improve cyber security following an attack shows just how upsetting an experience it can be for businesses.

To help brokers raise the need for greater cyber protection, Aviva said it has launched an accredited training programme, which aims to give brokers the knowledge and tools to talk confidently to their clients about their cyber risks and the insurance covers available to them.

Aviva has also launched a ‘Campaign in a Box’ for brokers, providing them with all the marketing tools to help them build awareness of cyber risks with their clients, and how they can protect themselves.

However the rising threat comes with a growing  protection gap. Aviva said while most businesses have insurance to protect themselves from fire and theft, but just 36% of businesses said they have any form of cyber cover in place.