This week the Association of British Insurers revealed that over 99% of all cyber insurance claims submitted to carriers in the UK were paid, making the claims acceptance rate one of the highest across all lines of commercial insurance.
This factoid may come as a surprise to many, given that the media regularly runs articles with incendiary headlines such as "Why are Companies Buying Cyberinsurance That Doesn’t Cover Cyber Attacks?". The reality is those headlines are typically describing companies who did not buy cyber insurance cover and may have onerously assumed that their property or general liability policies would cover costs associated with a cyber event. For more on this, you can check out my prior blog post.
However, for those who work in the cyber insurance industry day in and day out this statistic may not come as a surprise. Standalone cyber insurance products, although still relatively new, have performed remarkable well and "do what they say on the box". When a business is faced with a cyber event, robust cyber insurance policies provide much needed assistance with key first and third party costs that enterprises are faced with. It is telling that the vast majority of headline grabbing cyber events in recent years have had cyber insurers standing ready to provide for claims that regularly now total triple digit million dollars for major enterprises. In addition, stories of small companies being hamstrung financially by a cyber attack usually carry a regrettable line in the story about the company omitting to buy cyber insurance cover. Small businesses who have purchased cyber insurance will often fare far better and may avoid such headlines.
What is also lost is the incredible value that comes from the cyber claims teams of many of the world's largest cyber insurers. The cyber insurance industry has now seen thousands of claims - a company experiencing a breach or widespread business interruption may be experiencing a material cyber event for the first time. The value of rapid response, connection to breach coaches, access to forensic firm panels, recommendations on cyber crisis communication specialists and advice on how to deal with important stakeholders make the claims function of insurers unsung heroes in the fight to make enterprises more resilient to cyber attacks.
This isn't to say that there isn't a lot of work that needs to be done on buyer education, specialized broker advisory and policy standardization but for a relatively new product in a highly dynamic space, the insurance market is performing. In large part, we have the cyber claims departments to thank so I am glad to see their hard work and service being recognized.