UK Cyber Insurance 2017

"UK Cyber Insurance 2017" discusses the growing need for cyber insurance and highlights product uptake among UK businesses. It explores how cyber insurance fits within a commercial insurance portfolio and examines the products offered by key market players. It demonstrates how the insurance sector can help improve understanding of cyber insurance, and how insurers and brokers can help promote the adoption of good practice to reduce the frequency and cost of breaches. This report will also discuss the most significant market developments over the past 12 months and how the sector is likely to develop in the future in reference to new initiatives and regulation.

The UK cyber insurance market is growing over time. Product penetration is increasing as businesses are becoming more aware of the need for cyber insurance in a world where they are dependent on the digital space and crime is moving online. All businesses are vulnerable and require cyber insurance, regardless of size or industry. While there is a large opportunity for insurance providers to increase product penetration and grow their commercial books, they must be cautious due to the unknown exposure and scale of cyber risk. Ultimately cyber insurance is still developing its place within commercial insurance portfolios.


– It is estimated that fraud and cyber offenses make up 47.3% of all crime according to the Crime Survey of England and Wales conducted by the Office for National Statistics.

– Cyber insurance penetration is increasing. 13.7% of UK SMEs held cyber insurance in 2016, compared to 2.1% in 2014.

– The average total organizational cost of a data breach is also increasing. In the UK it rose by 14.5% from $3.45m in 2014 to $3.95m in 2016 according to the Ponemon Institute.

Reasons to buy

– Gain a better understanding of the need for cyber insurance among UK businesses.

– Understand how cyber insurance fits within the commercial insurance space and how it is likely to evolve over time.

– Discover how regulation and new government initiatives will impact the market.

Companies mentioned





Table of Contents

Table of Contents


1.1. The UK cyber insurance market is still evolving 2

1.2. Key findings 2

1.3. Critical success factors 2


2.1. Introduction 7

2.2. Cybercrime is becoming an increasing risk for businesses 7

2.2.1. The rise of digital for businesses has grown the opportunity for cyber-criminals 7

2.2.2. Crime is moving online 8

2.2.3. The full extent of cybercrime is hard to assess 10

2.2.4. There are a broad range of cyber risk characteristics 10

2.3. All businesses are vulnerable to cybercrime 11

2.3.1. Cybercriminals are targeting large businesses and SMEs 11

2.3.2. Cyber insurance penetration is increasing over time 12

2.3.3. Cyber insurance uptake is low for small businesses, despite them being vulnerable 14

2.3.4. All industries that hold valuable customer information are at risk 15

2.3.5. Cyber insurance penetration varies by industry 15

2.3.6. Businesses are at risk no matter how sophisticated their cyber security system 16

2.3.7. Many of the main business concerns for SMEs are cyber-related 17

2.4. There have been many recent high-profile cyber-attacks 18

2.4.1. TalkTalk was fined £400,000 by the ICO for failing to protect customer data 18

2.4.2. Yahoo disclosed two large-scale breaches at the end of 2016 19

2.4.3. The largest NHS trust was targeted by a ransomware attack in early 2017 19


3.1. Cyber insurance is still evolving as a product 20

3.1.1. Cyber insurance is still finding its place in the commercial insurance market 20

3.1.2. The debate between standalone and add-on cyber insurance products 20

3.1.3. The risk of add-on cyber insurance products leaving businesses with gaps in cover 20

3.1.4. Understanding of cyber insurance is increasing 21

3.1.5. Brokers play an important role in the distribution of cyber insurance 22

3.2. A number of insurers provide cyber insurance 24

3.2.1. AIG’s CyberEdge PC policy is flexible and designed to complement existing cover 24

3.2.2. Aviva targets the small and mid-market with a bolt-on cyber product 25

3.2.3. Hiscox offers a standalone cyber and data risk insruance policy directly online 25

3.2.4. Zurich has a global focus for its product and associated breach response service 27

3.3. The claims landscape is constantly evolving with cyberspace 28

3.3.1. Hackers are exploiting the human element when targeting businesses 28

3.3.2. There has been a rise in ransomware attacks 28

3.3.3. Cyber risk is moving beyond data privacy issues 29

3.3.4. The organizational costs of data breaches are on an upward trend 29

3.3.5. Healthcare experiences the highest severity of claims 31

3.3.6. Third-party involvement is the largest factor that increases per capita cost 31


4.1. The cyber insurance market will continue to grow 33

4.1.1. Preventing attacks should be a focus for businesses, but cyber cover is still essential 33

4.1.2. Insurers have an opportunity to help businesses reduce their cyber risk 33

4.2. The UK government is committed to tackling cybercrime 33

4.2.1. Cyber Essentials allows businesses to certify they are cybersecurity conscious 33

4.2.2. GCHQ has published a 10-step guide to help businesses protect themselves 34

4.2.3. The UK government is investing £1.9bn in a new National Cyber Security Strategy 36

4.3. The EU’s GDPR will come into force in 2018, and will modernize data protection 37

4.3.1. The definition of what constitutes personal data has expanded 37

4.3.2. The directive will apply to anyone handling the data of EU citizens 37

4.3.3. Data processors will be subject to regulation 37

4.3.4. Those subject to regulation will need to show accountability 38

4.3.5. Customers have stronger rights when it comes to consent 38

4.3.6. Data breaches must be notified 38

4.3.7. Businesses may need to appoint a DPO 39

4.3.8. Regulation will be heavily enforced by large fines and frequent audits 39

4.3.9. The GDPR is expected to grow the cyber insurance market 39

4.3.10. The GDPR will drive better cyber security and help insurers model cyber risk 39

4.4. Cyber insurance will expand into personal lines 40

4.4.1. Cyber exposure for individuals has grown with the Internet of Things 40

4.4.2. Individuals are vulnerable to being targeted with cybercrime 40

4.4.3. AXA offers personal cyber insurance in France 40


5.1. Abbreviations and acronyms 41

5.2. Methodology 41

5.2.1. Primary and secondary research 41

5.2.2. GlobalData’s UK SME Insurance Survey 41

5.2.3. GlobalData’s UK Commercial Broker Survey 41

5.3. Bibliography 42

5.4. Further reading 42

List of Figures

List of Figures

Figure 1: Fraud and cyber offenses make up nearly half of crime in England and Wales 9

Figure 2: Bank and credit account fraud is the most common type of online crime 9

Figure 3: The taxonomy of cyber risk for businesses 11

Figure 4: The percentage of UK SMEs holding cyber insurance has risen significantly in recent years 13

Figure 5: Cyber insurance has the lowest uptake of all commercial products among UK SMEs 13

Figure 6: Uptake of cyber insurance increases with business size 14

Figure 7: Mining, electricity, gas and water supply services have the highest uptake of cyber insurance 16

Figure 8: Cyber risks are a key concern for UK SMEs 17

Figure 9: Cyber risks are a key concern for UK SMEs 18

Figure 10: Over half of UK SMEs now think cyber insurance is easy to understand 22

Figure 11: Almost half of UK SMEs purchasing cyber insurance did so through a broker 23

Figure 12: Nearly 50% of UK brokers trade cyber insurance 23

Figure 13: AIG’s CyberEdge PC fills gaps in other commercial cover 25

Figure 14: Hiscox allows SMEs to build their own insurance portfolio directly online 27

Figure 15: The average per capita cost of a data breach remained steady between 2014 to 2016 30

Figure 16: The total cost from data breaches is increasing over time for organizations 30

Figure 17: The per capita cost of a data breach is highest in the healthcare industry 31

Figure 18: Third-party involvement and use of the cloud adds the largest costs to data breaches 32

Figure 19: The CESG has developed a 10-step guide to help businesses establish cyber security 35

Figure 20: The CESG has developed a guide to help businesses understand common cyber attacks 36


Discounts available for multiple report purchases.
+44 (0) 161 359 5813

Join our mailing list

Saved reports