Technology has presented us with immense benefits for our home and work lives.
The most important arguably include convenience and connectivity.
Tasks which once might have been costly in terms of time or expense, such as interacting with friends and family, attending meetings, shopping or watching movies, can now be completed in seconds from the comfort of our armchairs.
However, being so connected to individuals and organisations who might be half a world away has its downsides too.
It means that we leave a digital footprint, traces of our personal information which can be of great value to criminals.
Back in September, Broadway’s Director of Corporate Insurance, Martin Lilley, wrote on this blog how the topic of cyber cover crops up in every conversation with current or prospective business clients.
His thoughts have been echoed in recent days by the Chief Executive of one of the world’s biggest insurers, Zurich.
Mario Greco suggested that the increase in cyber claims would soon make such attacks “uninsurable“.
He reckoned that people needed to take cyber risks far more seriously. “There must be a perception that this is not just data”, he said. “This is about civilisation. These people can severely disrupt our lives.”
Even allowing for the fact that Zurich is undoubtedly still sore following October’s end to a bruising four-year legal battle with one of its clients, Mondelez, Mr Greco’s comments are not a knee-jerk response to a singular episode, albeit one on a massive scale.
A glance at figures issued by the Information Commissioner’s Office (ICO) shows that cyber attacks of all types were responsible for roughly a quarter of the 2,404 data breaches in the UK in the third quarter of the last financial year.
In the US, by comparison, the Government Accountability Office documented 32,511 cyber incidents during 2021 alone.
It’s not just the frequency but the scale of cyber attacks which is growing. Twitter is currently the subject of an investigation after hackers put details of more than 400 million account holders up for sale.
Given where investigations about the origins of certain attacks have led, Lloyd’s of London last August decided to stop covering losses stemming from hacks directed by particular nation states and during wars.
The ban will come into force at the beginning of April but is unlikely to dent the appetite of businesses for cover, even it becomes harder and more expensive to obtain.
That is because companies no longer view cyber policies as something which is simply nice to have. They are now essential and have become even more so since the Covid pandemic due to more people working – and sharing important data – remotely.
Falling victim to a cyber attack is more than just an immediate inconvenience – being offline and having to bolster security or compensate those affected. It can lead to serious reputational damage and the loss of the trust of customers, partners and investors which might sadly be irreparable.
I believe that Mr Greco and everyone else in insurance is right to be concerned.
Having said that, I wonder whether cyber attacks are really uninsurable or just the latest in a long line of challenges which the industry has managed to successfully address over the years.
There are probably three key areas of risk alive for corporate policyholders today: systemic issues, natural catastrophes and cyber attacks.
Although different in nature, they can be all addressed with data.
The insurance industry and its customers learned a considerable amount from the Covid-19 pandemic, partially as a result of a landmark ruling by the UK’s Supreme Court in January 2021.
Whilst extreme weather as a result of climate change seems a relatively new threat, we’re now seeing the sort of information which can perhaps act as a reference guide for insurers and businesses.
That very theme was explored at a symposium hosted by the European Insurance and Occupational Pensions Authority (EIOPA) in May last year.
We don’t yet have the same span of data in relation to cyber attacks just yet. When it does appear and has been thoroughly analysed, we will be better informed about how corporate clients can be protected.
It is certainly true that claims are less likely if security is robust enough.
In my experience, businesses used to be insistent about cyber cover when it was too late – when they had already been exposed to an attack.
As our exchanges with companies large and small illustrate, that is no longer the case.
Written by Daniel Lloyd-John, Chief Executive, Broadway Insurance Brokers