Cyber & Data insurance is a relatively new product in the UK, but it’s evolving quickly. Over the past few years, claims numbers – and costs per claim – have risen, leading to insurers making immediate changes to such policies.

Below, we’ve outlined five key trends that have developed in Cyber & Data insurance, and what we expect to see in the future.

1. Protection

When insuring your own property, be it at the office or at home, there’s always a certain level of protection required. From having an acceptable standard of locks on windows and doors, to fitting an alarm for more valuable items, insurers want to minimise the risk of anything unfortunate happening.

This is the same with Cyber & Data protection – you need to do all you can to defend your business against digital risks. Minimum requirements include:

• Use of anti-virus software
• Immediate updates to your systems as soon as they’re released, and no use of unsupported software
• Implementation of multi-factor authentication, particularly on cloud-based systems such as email
• Continued employee training on how to minimise risk

Our advice is to be proactive by investing time and money into the digital security of your organisation. This will help to safeguard your business and make you a more attractive risk to insurers.

2. Premiums

In recent years, Cyber & Data premiums have been consistently low, especially for SME businesses. This is because insurers wanted to attract a high number of customers before the claims numbers built up.

Now they have a significant number of policyholders, claims are occurring more frequently, and the average costs of each are getting higher. As a result, insurers have adjusted their pricing to remain profitable.

We predict premium increases across the board, with organisations in certain sectors, such as charities or education, being severely impacted.

3. Cover

If there’s strong competition for clients, insurers try to differentiate themselves from other providers by offering wider cover to the policyholder. Soon, we anticipate that insurers will focus primarily on pre-loss risk management tools, such as employee training or vulnerability checking, with the aim of preventing a loss from happening in the first place.

It’s a good idea to take full advantage of these additional benefits. After all, you’re paying for them automatically within your premium, and it’s a positive way to protect your business.

Risk management services are not the only pre-loss tool insurers use to reduce the impact of claims, they’re also able to restrict the cover. It’s slightly less common, but some insurers have already taken steps. So far, the application of inner limits has protected claims costs the most, such as for ransomware attacks. We believe this method will be used by insurers more often going forward.

4. Information

Previously, Cyber & Data cover was a relatively simple product to transact. The quote process relies on assumptions, with a few small details from the business seeking protection. And terms are often provided with a simple Statement of Facts document to check.

Whilst that will likely remain the same for micro SME businesses in low-risk sectors, for others, we expect a more detailed underwriting process. This could be anything from completed proposal forms, specific risk questions, or a wider review of businesses to gain a deeper understanding of the risks you face, and what you’ve done to counteract them.

The requirement for the increased information will centre around the following aspects of your organisation:

• What sector you operate in
• What services you deliver and how
• Your company size and turnover
• The exposure your business has to data (quantity, type and geography)
• What insurance limit you require

Our recommendation is to give your business extra time, both for initial insurance quotes and for any renewal. If it turns out you do need to provide more information, this can be a slow process, so the sooner you start, the better.

5. Limits

Insurers are looking to manage their exposure across their entire client portfolio. This means they’re being more cautious with what limits they’re willing to offer.

Where insurers may have quoted limits of £5m in the past, now, they can be reduced to £2m, or even lower for perceived riskier companies. Sometimes, higher limits can be offered with comprehensive information on the cyber and data risk management of the business. Other times, the only option is to purchase additional excess liability policies to top up your cover – but that can be more expensive.

Occasionally, there’s a mismatch between the genuine exposure of your company, and the limits clients may ask you to hold under contract. For example, an SME might be working on a small project where the data exposure isn’t huge, therefore a £2m limit could be sufficient for the worst-case scenario. So if a client contract states that the business should hold a £5m or £10m limit, we recommend pushing back.

How can RiskBox help?

We live and breathe insurance, and when it comes to Cyber & Data cover, we can place you with an insurer that offers some of the most comprehensive policies on the market.

Not only do we meticulously vet all the providers we recommend, we also check every new policy that gets released, to ensure our clients are appropriately covered. What’s more, we partner with industry-leading voices to help us stay up to date on the latest cyber trends.

Like the sound of our approach? Get in touch with a member of the team on 0161 533 0411, or fill in our contact form and we’ll get back to you.

Author: Sam Johnson

Photo by Christopher Gower on Unsplash