U.K. government, insurers double down on cyber risk

The U.K. government has announced a set of joint initiatives with the insurance sector aimed at improving the suitability and availability of cyber insurance and risk management against cyber attacks.

The U.K. government’s Cabinet Office and Marsh L.L.C. on Monday published a report on cyber security and pledged to make London a global center for cyber insurance.

The report, “U.K. Cyber Security: The Role of Insurance in Managing and Mitigating the Risk,” found that 81% of large companies and 60% of small companies in the United Kingdom suffered a cyber security breach in the past year.

But while 52% of CEOs believe that their companies have insurance coverage for cyber attacks, less than 10% of U.K. companies have purchased cyber insurance coverage, according to the report.

A lack of data pooling has hampered insurers’ ability to develop pricing models and coverage, the report said.

Also, the potential for the aggregation of losses affecting a large number of companies is a concern for insurers, according to the report.

The report recommends the establishment of a forum between the government and the insurance sector, including the Association of British Insurers and Lloyd’s of London, on “data and insight exchange for policy discussions,” among other things.

The report also said the insurers that participated in the report would agree to include a government-backed industry accreditation, known as Cyber Essentials, as part of their risk assessment in a bid to encourage more small and medium-sized companies to actively manage cyber risks.

The Cyber Essentials program was launched in April last year and gives companies guidance on best practices for managing cyber risk.

The report also recommended that companies designate a board-level executive as the “owner” of cyber risks and develop a companywide recovery plan and use stress testing to shore up resilience against cyber threats.

“Insurance is not a substitute for good cyber security but is an important addition to a company’s overall risk management,” said Francis Maude, minister for the Cabinet Office and Paymaster General, in a statement.

“Insurers can help guide and incentivize significant improvements in cyber security practice across industry by asking the right questions of their customers on how they handle cyber threats,” he added.

The report followed a meeting last fall between insurers and the government to find ways to improve cyber security and the insurance response and gathered input from 13 insurers and a large number of corporations, Marsh said.