An unlikely story: how did this historic rock become a dynamic and modern financial centre? (Shutterstock)
Show Hide image

Rock steady: the story of Gibraltar’s booming insurance sector

Gibraltar’s insurance sector has seen explosive growth since joining the single market: one in six UK motorists are now covered by a company on the Rock. Yet, as in the UK, it remains a challenge to convince young people that insurance is “as glamorous as being a barrister”, says Chris Johnson, chairman of the Gibraltar Insurance Association

Gibraltar in the late 1990s accommodated no more than a dozen insurance companies. Remarkably, this has now grown to over 50 companies with more than £3.5bn of premiums written here, and nearly £10bn of assets in insurance companies.

What, then, has driven the growth of Gibraltar’s insurance industry over the last 20 years, and what does it look like now?

Gibraltar is an unusual community - a British Overseas Territory located at the southernmost tip of Europe. It can be slightly odd sometimes to arrive here, driving in from Spain, and see British policemen’s helmets and red phone boxes. The place is full of history, having been ceded to the British crown in perpetuity by Spain over 300 years ago. Today it is home to colonies of tailless monkeys that are fiercely protected (it is a popular local myth that if the monkeys leave, Gibraltar will cease to be British). But it also has a less whimsical side – Gibraltar has always been a mini-nation of merchants and traders and it takes its business seriously.

In 1997, Gibraltar acceded to the Single European Market for Insurance, its regulatory body (the Financial Services Commission) having been recognised as a competent regulatory authority within the EU. This meant insurers that had their head office on the Rock would be regulated by the FSC, and could now “passport” (carry out its activities) into other European Economic Area territories, either under the doctrine of “Freedom of Services” or “establishment”.

But what exactly do these terms mean? Well, establishment involves setting up a branch in the country where the insurance company wants to insure risks – Freedom of Services means that the insurer can underwrite risks in the other country on a cross-border basis. Under EU law, the insurer can do this without needing to apply for a licence in that country, provided they follow passporting procedures and complies with the law of the country where they are insuring.

So in the early part of the 21st century, Gibraltar embarked on a series of initiatives to take advantage of its new status and enhance its offering for insurance.

Most notable of these was the passing of the Protected Cell Companies Ordinance in 2001, a piece of legislation that enabled companies to segregate into divisions focused on different types of insurance. A simple way to imagine this would be to think of a flower – with the core company in the middle and a variety of petals (divisions) surrounding it, financially independent from each other (and therefore safeguarded from liability for another division’s risks or losses) yet benefitting from the strengths and securities of the whole.

Over the next few years Gibraltar’s insurance industry grew and grew – today there are some 57 insurance companies fully operative on the Rock, as well as the various service providers that support the industry. There are a variety of insurers in Gibraltar, including captives, Protected Cell Companies, liability insurers, and property insurers. But the biggest success story has been in motor insurance, especially doing business in the UK market. Its 25 motor insurers cover one in six UK motorists, almost double the market share of Lloyd’s of London.

Gibraltar’s biggest challenge has probably been in terms of skill shortages. The community of the Rock numbers no more than 30,000 people, the size of a small market town, and often punches above its weight in terms of the talent it produces in politics and the arts. The legal and accountancy professions are popular choices among teenagers leaving school and going to further studies, and insurance works hard to attract leavers to the industry. Recent studies have shown however that insurance is one of the least popular graduate career choices in the UK and Gibraltar seems to be no different.

When I arrived in Gibraltar in 1987, there was a very small indigenous industry with a tiny international dimension – I was one of only two qualified insurance persons on the Rock and the other was a colleague of mine, also from the UK. Over the years though, we have drawn more young Gibraltarians into the industry. The establishment by the GIA in 2008 of the Gibraltar Insurance Institute both vastly improved educational standards within the industry, and helped bringing young people in. We’re still not quite as glamorous as barristers, but we’re getting there!

The GIA today has an excellent relationship with our regulator, the FSC, and with government. We speak loudly when issues arise, and we like to feel that we are listened to. Our community is one that listens and responds to its industries.

It’s a bit of an unlikely story; a rock steeped in history becoming the base for a dynamic and modern financial centre. But the insurance industry, and other branches of the finance centre in Gibraltar, are living proof of the forward-looking and proactive business attitude that has infused this little bit of Britain at the foot of the Iberian Peninsula.

Chris Johnson ACII is chairman of the Gibraltar Insurance Association (GIA) and director of the Robus Group

Photo: Getty
Show Hide image


Cyberspace: the final frontier

With a Gibraltarian team set to enter the finals of the Cyber Security Challenge UK, Guy Clapperton looks at some of the fundamental mistakes people still make in securing their personal and business networks.

A few years ago I was stand-in news editor for a computing publication which had better remain nameless. I was asked to go and check the regular person’s database of press releases for stories. It was inaccessible unless you had the password, so I just tried p-a-s-s-w-o-r-d. I was in immediately.

It wasn’t a problem as the organisation wanted me to have the information, but what if it hadn’t? What if I’d been in HR or finance instead, and had malicious intentions? Presumably that little hole has been plugged by now but it’s indicative of the sort of managerial rather than technological issue people can face if they’re not careful. The Cyber Security Challenge UK laudably highlights the talents of young people when it comes to working out means of protection and the excellent progress of the Gsec team from Gibraltar is promising. However, two things stand out as needing to be addressed: first, the extent of the problem, and second, the basic errors people like my ex-client still make.


The extent of the problem is hard to pin down when you’re in the press. Walk into a room full of CEOs and ask who’s been hacked and regardless of the truth, nobody is going to confirm it’s happened to them because nobody wants it publicised. This is reasonable enough, and when someone like Sony a few years ago or Ashley Madison more recently suffer Cyber-attacks you can be sure these are just the ones the press has heard of. There is other data, though, to suggest the issue will continue to grow. This article is being published on Tuesday 9th February, designated Safer Internet Day, and to mark it security company Kaspersky Lab has published research that suggests 12% of 16 to 19 year olds in the UK know someone who has done something illegal on the Internet; 35% would be impressed if a friend hacked into a bank’s website and replaced the homepage with a cartoon and one in ten would be impressed if a friend hacked into an airport’s traffic control systems.

There wasn’t any data on how many teenagers would say any old thing to shock a researcher. However, the first point is the most salient – over one in ten suggest they’ve seen someone do something illegal electronically. So, if you’re a business owner or just concerned about your security it’s just as well to ensure that a number of previous clangers don’t affect you.

Managerial errors

Security is far from just electronic. A handful of things can go wrong because staff haven’t been briefed:

  • You protect all electronic copies of every sensitive document and someone prints one of them out – and leaves it on the printer for an hour before picking it up. Or leaves it in a hotel lobby, on a train…all of these things have happened and hard copy print isn’t protected or encrypted.
  • You have visitors to your company and one of your employees nips to the loo. This is fine as long as their screen saver covers anything sensitive pretty quickly, and as long as the screen saver is password protected so someone wiggling the mouse or pressing a key won’t be able to get at all the details.
  • Pet names, partner names and the word “password” have never been good passwords and it remains poor practice to keep the default PIN that came with your phone’s voicemail.

Finally, back on the technology side, if you have a small network and it’s big enough to have a network administrator, don’t forget to ensure their administrator password is changed frequently and not easy to guess. There have been instances in which this hasn’t been done, and that password controls the system that can change all the other passwords and lock you out.

A lot of it is common sense. The Gsec team will be looking to defend people from more sophisticated attacks – but never overlook the obvious.

The New Statesman will be publishing a supplement on Cybersecurity in the issue dated 26 February.

Guy Clapperton is the freelance journalist who edits the New Statesman’s Gibraltar hub. You can also find him in the Guardian, Computer Business Review and Professional Outsourcing which he edits.