Support 100 years of independent journalism.

  1. Business
  2. /
27 September 2013updated 22 Oct 2020 3:55pm

How do you insure the intangible?

Cyber-liability: new and fast growing.

By rebecca larkin

Cyber liability insurance is a newly-established insurance category in the UK, estimated by the industry to represent GBP3–4 million, or just 0.01 per cent of the country’s non-life gross written premiums. However, this belies the market potential, with an estimated 4.8 million private businesses registered in the UK and growing use of the internet among these firms.

Indeed, it is developments in the use of information technology for business that have highlighted the issue of liability in cyberspace. Firms collect, manage and store data electronically, social media interaction has increased and portable computing devices are growing in popularity. This technological evolution means UK firms are increasing their exposure to cyber threats such as hacking, extortion, data leaks and business downtime, all of which could result in an onerous financial burden to resolve.

A number of high-profile data leaks during 2011 and 2012 highlighted the costs involved when personal data is exposed. Beyond the obvious monetary costs of launching an investigation and settling compensation payouts comes the costs which are more difficult for underwriters and businesses to quantify: damage to reputation, business disruption and lost business all have to be taken into consideration. A joint industry and government report, the Information Security Breaches Survey for 2013, calculated that in the aftermath of its most serious data breach, the highest cost to a large firm (more than 250 employees) stemmed from damage to reputation, followed by response costs and business disruption (see chart, below). For smaller businesses the cost of business disruption is, on average, eight times higher than any other resulting cost.

Average cost of a large organisation’s worst cyber incident (GBP, 2012)

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s global affairs newsletter, every Monday and Friday. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A weekly dig into the New Statesman’s archive of over 100 years of stellar and influential journalism, sent each Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

Industry surveys suggest a low awareness of cyber liability products among UK businesses. In all likelihood, managers believe these intangible risks are covered by their existing commercial liability insurance policies, yet traditional policies do not tend to address issues related to the internet or electronic data.

If the growing risk in the impalpable world of cyber data does not provide the catalyst for uptake of cyber liability insurance, regulatory changes will likely prove the strongest incentive for British businesses. The European Commission (EC) aims to harmonize laws on the protection of personal data across the EU. In the event of personal data being exposed, firms will be mandated to notify national authorities – the Information Commissioner’s Office in the UK – and will face fines for non-compliance. The new law is slated for introduction in 2014 and is expected to be the primary growth driver of cyber liability insurance over the next five years.

This piece first appeared on Timetric