Cyber insurance is critical to helping businesses view their cyber security defences holistically, but remains a missing piece of the puzzle for too many businesses, APMG International has warned. By achieving the UK Government’s Cyber Essentials, businesses automatically qualify for cyber insurance policies, providing a safety net in case they are affected and helping them recoup their losses.
Cyber Essentials is a checklist of the fundamentals that an organisation needs to get right, before it can be considered adequately protected against possible cyber threats. By certifying against Cyber Essentials with APMG, an organisation is providing an excess of the information required by a typical cyber insurance policy in a low-risk industry.
Richard Pharro, CEO of APMG, commented: “Plainly, prevention is better than cure, but the reality of the situation is that however well protected your business is, it will likely suffer a cyber-related breach at least once in its lifetime. The events of the past year in particular have shown how large-scale breaches can have had a marked impact on a company’s reputation, on their balance sheet, and on general operations thereafter.
“Fundamentally, a good risk management strategy incorporates the identification of risk, mitigation, management and the transfer of residual risk to insurers. Simply going through the process of looking at cyber insurance raises awareness throughout the organisation of how a breach would impact it – and what the organisation needs to do to protect itself. Cyber insurance can therefore help address threats but it is the missing piece of the puzzle for many businesses’ cyber defence strategies,” Pharro continued.
Cyber insurance is one of the fastest growing types of insurance globally: Lloyds of London reported a 50 per cent increase in insurance submissions during the first quarter of 2015, versus 2014. Additionally, a government-backed 2015 UK report by Marsh found that 11 per cent of organisations currently have a cyber insurance policy, but 39 per cent were planning on obtaining one in 2016. The paper also recommended that the best way to distribute cyber insurance to the SME market was to couple it with Cyber Essentials.
Simon Gilbert, Managing Director at Elmore Insurance Brokers, added: “Cyber insurance has been around for over a decade but it’s only relatively recently that it has started to be valued among organisations of all sizes and from all sectors. Businesses are fast waking up to the necessity of mitigating the impact of cyber attacks, driving demand for cyber insurance. At the same time, cyber insurers have realised that they need to be commercially minded and have subsequently streamlined their underwriting processes to help business understand the cover. What was an intrusive, time-consuming and expensive process has been simplified with the help of schemes like Cyber Essentials.
“If a business has a Cyber Essentials certificate then insurers recognise that it’s security awareness is actually better and therefore the risk profile is improved. This means the business automatically qualifies for a cyber insurance policy – and one that is easily accessible for SMEs in the UK,” he continued.