Inga Beale, chief executive of the Lloyd’s insurance market, has called on the UK government to share data about cyber attacks as the industry is struggling to collect enough information about new digital threats.
Cyber insurance is one of the fastest growing parts of the industry as high-profile attacks — such as the one suffered by Tesco Bank earlier this month — drive up demand from companies for cover.
The market generates premiums worth about $2.5bn per year and is expected to grow to $7.5bn by 2020.
New EU regulations due to come into force in 2018 will make it compulsory for companies to report details of cyber attacks to the authorities, much as companies in the US do already. Ms Beale hopes that the industry can use anonymised versions of those reports to help with pricing.
Ms Beale said the lack of available data about past attacks was a problem for insurers who want to provide cyber coverage.
“We’d love to have the data to build up a fair pricing model,” said Ms Beale. “We’d very much like to be able to work with the government in 2018 and beyond to get a flavour of the types of breaches and the cost of them.”
Insurance experts expect the new rules to drive demand for cyber insurance as companies seek to cover the reporting costs and remedial work associated with an attack. Companies that suffer data breaches could face fines of up to €20m under the new rules.
Ms Beale says that Lloyd’s, which has a 25 per cent share of the global cyber market, has introduced 15 new products in the past year, and now offers coverage for the costs of reporting attacks, regulatory costs, liability for third party costs and business interruption coverage.
Buyers of cyber insurance have in the past complained that the policies on offer are too limited as they do not cover the damage that an attack can cause to a company’s reputation or brand.
Ms Beale says that policies at Lloyd’s now cover the lost sales that can result from reputational damage. “This is an opportunity [for the insurance industry] to build trust and prove that it can play the role we say it should.”
New data from AIG shows that ransomware and extortion cause the largest number of claims on cyber insurance policies in Europe, rather than higher profile data breach incidents. The US-based insurer says that ransomware accounted for 16 per cent of claims between 2013 and 2016.
Noona Barlow, head of liabilities and financial lines claims for AIG in Europe, said: “While ransom demands typically remain small, this form of extortion is a lucrative and relatively straightforward way of accessing ‘fast cash’ for cyber criminals and we can only see it growing in the future.”