Insurance company Tryg has predicted that 90% of its corporate customers will have to buy cyber-crime insurance in the next five years to protect their restricted data and valuable IT systems against hackers. Over the last year, several accounts of cyber-attacks hitting a vast number of large international organisations have been recorded; the most renowned incident being the WannaCry ransomware attack back in May that affected more than 300,000 computer systems worldwide.

Following the infamous attack, Tryg, Denmark’s largest insurer, has sold over 5,000 cyber-crime insurance policies since launching its assistance in data and systems restoration; astounding figures that are set to rise across as the number of insurance brokers who offer this type of protection increases to meet the demand. It, therefore, comes as no surprise that cyber insurance is becoming one of the fastest growing sectors of the industry, with it being worth an estimated £15 billion per year internationally by the year 2025.

Tryg’s Chief Executive, Morten Hubbe, stated: “There are no corporate clients today that don’t have insurance on their buildings or cars, but I think that within a few years it will be just as evident that you should insure against cyber-crime.”

In response to the latest influx of cyber-attacks, the UK financial regulator expressed their concerns about the impact of coordinated large-scale attacks on organisations to express sensitive data. They have urged insurers to conduct stress tests to figure out where organisations are most vulnerable to cyber-crime. However, many insurers have highlighted the difficulty in accessing enough data to provide an accurate representation of the risks of cyber threats, as well as the financial consequence of large-scale attacks that can potentially affect a number of businesses, especially if they are connected via the same network. Ultimately, this will affect how insurance brokers mould their insurance packages and their associated costs.

However, The Prudential Regulation Authority (PRA) announced a set of rules that insurers are expected to follow when dealing with cyber threats, asking for board-level oversight of cyber exposure to be implemented. The expectation is that insurers will complete routine stress tests to analyse and plan for what would happen if a vast number of cyber claims were to be placed at the same time. The PRA also touched on the matter of non-affirmative risk, a lesser-known aspect of a cyber threat, where regular insurance policies cover such specialist areas, sometimes unknowingly to the insurance broker themselves. The expectation of insurance brokers to be clear on what elements of cyber risks are covered in their policies, including their regular ones – where premiums are adjusted to reflect this type of cover.

The stark reality is that UK businesses are currently unprepared for the threats posed by cyber-attacks, and many organisations are unintentionally skipping this important area of insurance coverage. The implications, however, of the relatively new but expanding risk of cyber-attacks means that there will be a wide range of cover policies available on the market with varying associated costs. It is, therefore, important for businesses to find a cost-effective insurance coverage that best suits the needs and structure of their business but also reflects the evolution of cyber-attacks. This is where business cost management companies, such as ourselves, are particularly useful for businesses.

We have a number specialist insurance consultants who will be able to help your business source and compare specialist cover and provide you with independent advice on which insurance package will best cover you against cyber-crime, as well as ticking other necessary boxes. Get in touch with us today to find out how we can help you.

Written by Chris Coomber