As high-profile cases of cyber attacks increasingly splash across the front pages of newspapers worldwide, it seems that the tipping point has come for cyber insurance, according to a panel of experts speaking at this year’s IIS event in London.
Andrew Rogoyski, head of cyber security services, CGI IT UK, noted that there has been a general wave across Europe of companies pushing cyber security and governments have published an abundance of guidance.
“The tipping point is here. The question is: is advice good enough? Germany is pouring over IT security and European countries have all published strategies around two/three years ago. Over the hill you have a European set of regulations. Will there be hard regulations in the UK? I doubt it. But there will be more European legislation and this will drive a whole set of behaviours and the industry itself,” he said.
Sarah Stephens, head of cyber and commercial E&O at Aon, added: “It is important to remember that while we call cyber a new and emerging line of insurance, it’s not necessarily new. The first policy was probably written before 2000.
“It’s not getting any easier for companies to deal with data breach. Governments are not taking privacy any less seriously.”
Tracie Grella, global head of professional liability, financial lines at AIG Property Casualty in the US, who chaired the panel, said: “101 countries have data privacy laws. Having all of these countries to deal with can be a major headache for an organisation.
Figures used during the presentation showed that only an estimated 20 percent of organisations had purchased a network security and privacy liability policy. “It’s astonishing that 80 percent are not purchasing insurance against this risk when coverage is readily available,” said Grella.
Roger Gate, associate partner, business unit leader, UKI, security and privacy services, IBM, added: “One of the key things that we frequently identify is that you don’t keep up to date with your patching. Ensuring your house is clean and up to date is fundamental to security.”
IIS, Europe, Cyber, Sarah Stephens, Aon, Andrew Rogoyski, Tracie Grella, AIG, Roger Gate