Understanding the journey of cyber risk

By Jack Durrant, Branch Director, BA (Hons), ACII.

In today's digital landscape, grasping the concept of cyber risk is more crucial than ever before. However, the intangible nature of cyber threats often poses challenges for businesses in comprehending the risks they face and how to mitigate them effectively. Yet, it's evident that the importance of addressing cyber risk has grown significantly over the years, surpassing many other classes of insurance.

While the awareness of cyber risks has increased, so unfortunately have the premiums associated with cyber insurance. Many businesses find themselves attempting to catch up with the accelerating costs of cyber insurance while struggling to keep pace with evolving cyber threats. 

In the past, acquiring comprehensive coverage was relatively straightforward, requiring minimal risk management efforts, and cyber insurance represented only a fraction of total insurance expenditures. Today however, cyber insurance premiums are rapidly approaching substantial portions of businesses' insurance budgets, with some heavily reliant businesses allocating more than half of their total insurance spend to cyber coverage.

Despite the rising costs, the value of cyber insurance remains undeniable. From providing informative reports and risk management advice to offering peace of mind without needing to file a claim, cyber insurance aligns the interests of insurers and policyholders. Unlike traditional insurance policies that focus on physical assets, cyber insurance aims to ensure the uninterrupted functionality of vital digital networks - an essential aspect for most modern businesses.

If we reflect on the trends of cyber purchasing and claims over the past two decades, it's evident that cyber threats have evolved alongside advancements in technology. 

Cyber purchasing trends over the last 20 years*

In 2004, it was the early adopters. Most people didn’t understand it, nor did they think they needed it. Most people used the bank, most people used cash to transact, most mobile phones could just about text and make calls. A staggering 35% of people did not use the internet in the UK*.

In 2014, computers were much more prominent and there was greater general adoption of cyber insurance policies into the wider market. 1 in 10 people still did not have access to the internet*.

In 2024, computers are ubiquitous and the requirement for cyber insurance is evident for most businesses. Although sometimes inhibited by price, large-scale adoption of cyber insurance has begun, and there is consensus among those who understand it that cyber insurance provides a keystone cover for most other policies to lean against. 97% of people use the internet every day in the UK*.

Cyber claims over the last 20 years

In 2004 the dot.com bubble a few years prior had done little to extinguish the appetite for businesses to move online, although transaction volumes were small enough that most threat actors hadn’t yet moved into the sector - in fact many modern threat actors had probably not even been born yet!

In 2014 Bitcoin became more of a fascination to many, online shopping became universal, and businesses frequently used systems online with little consideration for the risks aside from banks. There were the first major incidents of data theft and data loss from businesses, leading to the public associating cyber risk with data loss only. This was further entrenched a year later when TalkTalk suffered a huge data-related cyber-attack.

In 2024, the majority of threat actors have shifted their focus to the cyber realm due to the lower risk of being caught compared with physical theft. It offers ease of access and presents a vast array of targets, making it an attractive prospect for malicious actors. In response, businesses are becoming increasingly cautious of potential threats and are adopting proactive measures to protect themselves. This includes investing in employee training and implementing risk mitigation strategies such as cyber insurance, multi-factor authentication, encryption, and back-up solutions. It's worth noting that while data breaches garner significant media attention, the most common sources of losses stem from activities such as impersonation, phishing, spear-phishing, malware, and social engineering.
 

It is time to act…

As you evaluate your insurance budget and risk management strategies, remember the critical role that cyber insurance plays in today's digital age. With cyber threats becoming more prevalent, investing in cyber insurance is not just a prudent decision - it's a necessary step towards protecting your business from unforeseen cyber incidents.

What’s more, according to our recent podcast, you’re more than 5 times more likely to suffer a cyber-related attack than a fire. I leave you with this question, are you utilising your insurance budget in a way that reflects what the data says about risk, and the market trends?

* Internet users, UK - Office for National Statistics (ons.gov.uk)