Will Cyber Insurance become compulsory for UK firms in 2017?

This is the question that is keeping insurance providers, brokers and entrepreneurs on the edge of their seats. This is all because of an EU regulation pending review and with the UK’s Brexit strategy still a working progress, it is unclear whether UK businesses will be forced to purchase cyber insurance.
As Computer Weekly explains, 46 out of 50 US states have made a commitment to making Cyber Security compulsory and something has been drafted for the EU, but this has been ‘put on hold’ whilst the UK works on leaving the EU.
Certainly, for insurance brokers and anyone looking to capitalise post-Brexit, the potential opportunities for selling and comparing policies is enormous. Imagine if every single firm in the UK had to have a formal policy for their cyber security? The value of policies could easily runs in the billions of pounds.

Why should Cyber Security Insurance become a requirement?

The risk of a cyber attack is huge and the potential costs are even bigger. It was reported today that a data breach at Yahoo has leaked the details of over 1 billion people. The costs that Yahoo are going to incur to repair their brand image, compensate customers and repair any damage will be sizeable. Of course, Yahoo are ahead of the game and will already have insurance in place. But what will stop it happening to you?
In 2014, 60% of small businesses experienced some kind of online data breach and this cost the average firm around £75,000. Cyber attacks come in several different forms, other than just stealing personal details and email addresses, it also includes:

  • Virus or Worm spreading and shutting down your computers and servers
  • Trojan Horse – a backend code that can steal, corrupt or destroy data
  • Phishing – a corrupt link that when clicked on, causes the computer to corrupt (think Anna Kournikova spam email from years back)
  • Employee – it doesn’t always have to come from a malicious external attack, it could be a member of staff accidentally sending the wrong email and sensitive data to other team members or suppliers

What cover will be businesses have to purchase?

Policies are already available and some companies have already had them for years. Basic cover can cost as little as £15 per month and this can give you £5 million worth of cover. Obviously some firms will have much bigger requirements and will need protection that runs in the hundreds of millions.
The insurance will pay for any replacements and reimbursements for loss of data, legal fees, PR and brand rebuilding, extortion costs and business interruption (if your business has to shut down altogether or temporarily). Having sufficient insurance in place can limit any financial losses and company downtime, and can be included in your general business insurance policy.
There is strong case for companies to purchase this insurance anyway if they are reliant on computers and technology as part of their day-to-day business. Yahoo is a perfect example of why this should be a priority for organisations. However, whether it will be compulsory as part of EU legislation is still yet to be determined.