Good Practice Guide
11 November 2019
11 August 2020
Understanding cyber risks and how to ensure full cover is offered.
Cyber is one of the most commonly used terms used in insurance. However, it is also one where customers are finding themselves underserved.
Cyber-related incidents are one of the most common and ever-changing types of threat that insurers are faced with. Despite this, there are still many people who still don’t understand what cyber is or have suitable cover.
Cyber first originated in the mid-90s with the rapid growth of the internet and online databases storing increasing amounts of personal data. The need to secure this data, as well as the threat of the ‘millennium bug’ rendering IT systems inoperable, meant that any losses sustained would need to be covered.
As regulators caught up with the growing threat, traditional coverage had to be broadened to include first-party elements of cover, such as business interruption and data recovery. As well as cyber crime, cyber can now cover IT system failures and outsourced functions if a breach occurs.
This Good Practice Guide explores the history and development of cyber insurance by exploring the following:
- Where did cyber come from?
- Why is cyber a growing issue?
- What does cyber insurance cover?
- How can a cyber incident be prevented?
- What other cyber concerns are there?
Good cyber security is relevant both to insurers and their customers. This is why having a good understanding of cyber insurance is essential to all insurance brokers, as this risk will only continue to grow.
This document is believed to be accurate but is not intended as a basis of knowledge upon which advice can be given. Neither the author (personal or corporate), the CII group, local institute or Society, or any of the officers or employees of those organisations accept any responsibility for any loss occasioned to any person acting or refraining from action as a result of the data or opinions included in this material. Opinions expressed are those of the author or authors and not necessarily those of the CII group, local institutes, or Societies.