14 June 2017Insurance

Quantifying reputational damage from cyber keeps insurers awake at night

Insurers are grappling with the quantification of the damage to a business’s reputation that arises from a cyber attack, as this is not currently covered in cyber policies across the industry.

This was one of the key themes that emerged during a panel of cyber specialists speaking at the Airmic Conference 2017.

Citing the recent global system outage of British Airways, the ransomware attack on the NHS, and the data breach of TalkTalk, there are subsequent damages that arise from such examples that the industry still needs to address.

All of the intangible costs that arise from reputational damage would not be picked up, argued William Wright joint head of privacy, cyber and technology at Paragon International Insurance Broker.

The reputation damage can transfer through loss of income, the costs of public relations and managing a brand in light of an event, for example.

“It’s one of the biggest challenges the insurance market faces - and I don’t believe we are quite at that stage yet - is how you actually put a number on reputational damage,” said Wright.

Christian Stanley, performance management directorate at Lloyd’s of London, who hosted the event, explained that the media attention from the high profile losses is making the industry question how to calculate the true cost of a cyber attack.

“Every day you open a newspaper and somebody has been hacked,” said Stanley. “Nobody wants to advertise if there is a breach.”

And the outage of British Airways illustrates this, according to Patrick Hill, cyber specialist and partner at DAC Beachcroft.

“Who would want to be the CEO?” Hill asked. Whether they come forward or hide from the media, the publicity is adversely impacted, he explained.

And from an insurer’s perspective, the quantification of reputation and brand damage is very difficult. Stanley said: “It’s what keep businesses awake. It’s a domino effect; it just gets worse and worse.”

Wright continued: “Share price drops, investor fallouts, extra costs to boards; all of these intangible would not be picked up by your standard cyber policy, but they’re huge.”

He explained that it would be a “wonderful world” if there was a metric that can pinpoint where a business stands before and after an event, with a payout calculated accordingly. “I applaud any insurer that comes out with that product,” Wright said.

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk

More on this story

9 June 2017   Cyber attacks like the ransomware dubbed ‘WannaCry’, which has hit hundreds of thousands of businesses around the world in recent months, have highlighted that businesses must first properly understand and assess the risk before they purchase the necessary insurance, according to Julia Graham, deputy-CEO and technical director at Airmic, the UK’s risk management association.
Alternative Risk Transfer
13 June 2017   A new business model based on collaboration will be required from insurers and risk managers, if they are to retain value and relevance to business, according to analysis from Airmic, AXA Corporate Solutions, Chubb and JLT Specialty.
14 June 2017   The General Data Protection Regulation (GDPR), which is set to come into effect in the UK on May 25, 2018, is driving good reporting behaviour as businesses become increasingly digitised and the reporting of data breaches becomes mandatory.