1 year cyber anniversary
Celebrating our cyber anniversary
2020 will undoubtedly be remembered as a year of firsts, but it has also served to remind us of the value in reflection, especially in business.
This time last year, CPP Group UK launched a SME-specific cyber insurance product on Acturis – the first for general commercial use available on the insurance administration and trading platform. Since then, we have continuously sought to develop our cyber offering through a range of innovative product enhancements and a growing network of partners, all with the aim to empower individuals and businesses to effectively manage today’s escalating cyber risk.
In particular, we have focused on creating awareness and attempting to bridge the cyber protection gap felt so acutely by UK SMEs. Cyber risk has long been treated as low-priority by the SME sector despite habitually topping its chart of vulnerabilities – in 2018 alone, the UK’s 5.9 million SMEs paid out £13.6bn in recovery from cyberattacks, and yet uptake of cyber insurance remains chronically low even into 2020, at just 12.7%.
This gap is largely due to the unnecessary complexity of existing cyber protection products and their unsuitability for the SME market. This is why we launched our own specialist cyber insurance policy to sit alongside our pioneering cyber tech tools, OwlDetect and KYND, which continuously survey an organisation’s digital assets and the dark web respectively to provide expert insight into cyber risk exposure. Together, these products combine prevention, assistance and protection, helping businesses as well as consumers to better identify, mitigate and protect themselves against a cyber threat which has only grown in severity since Covid-19.
COVID-19 exacerbates cyber threat
Covid-19 has accelerated the need for organisations to increase their digital capabilities as business operations are increasingly conducted online. This has seen industries of all kinds become custodians of customer data on a scale unimaginable pre-pandemic, amplifying their vulnerability to cybercrime as a result. For a sector like retail and beauty for example, which forms 11% of our policyholder base, the rapid shift towards a digital business model means that many companies are now entirely reliant on their IT infrastructure and are holding more data, increasing their exposure. Both the risk of cybercrime and the risk of accidental data loss can be addressed with the right cyber insurance product.
Analysis we conducted on the demographic breakdown of our cyber insurance book revealed a striking spread of industries, emphasising the point that no business, regardless of size or sector, is immune from cybercrime and should hence act to mitigate to the risk.
Over the last year, our discussions with brokers have highlighted that many brokers still fall victim to the notion that sectors which do not immediately appear high-risk are disqualified from, at the very least, a conversation around cybersecurity. And yet nowadays, any business that uses internet-connected systems is susceptible to attack. Even in the stereotypically off-the-grid agricultural industry, for instance, the functionality of much farm equipment is driven by web servers; a hack would render these systems defunct, derailing potentially time-sensitive business operations. It is vital, therefore, that brokers do not underestimate the need to address their client’s full needs according to the sector in which they operate.
Inaction around cybercrime is no longer an optional luxury; and yet, despite high-profile data breaches and cyberattacks that continue to grab headlines, only 11% of UK businesses have cyber protection and insurance in place. Together with our partner KYND, over the last year we have run hundreds of checks on the cybersecurity of businesses: 90% of reports run to-date flag at least one red alert to an organisation – the highest level available – with out-of-date web certificates most often as the cause.
Constantly evolving product enhancements
October marks a year of our efforts to be part of the solution. As an organisation, we have learnt to adapt to the changing nature of cyber threats to ensure that we remain the best possible partner to brokers and that they can offer the best level of protection to SMEs.
For example, even though CPP’s cyber insurance was awarded an impressive four-star rating by Insurance Age at its market launch, once we identified social engineering as an emerging cyber threat, we quickly incorporated it into our product. A further enhancement now provides cover for hardware loss and the replacement cost of technology resulting from a cyber incident, therefore limiting business interruption and enabling firms to return to full operation more quickly. Working on feedback from our brokers, we are continuing to develop the product to meet the widest market need, while keeping it simple and accessible for brokers less familiar with selling cyber insurance.
We have also partnered with many high-profile brokers over this past year to help facilitate deeper engagement with their clients. Our commitment to broker education has seen CPP launch a series of webinars and cross-country Cyber Roadshows, in which brokers could learn more about the complexities of cybersecurity and see CPP’s solutions in action.
Top tips for brokers
Brokers should be making the most of cyber as an opportunity to make themselves invaluable to their clients and to remain competitive – especially as the threat of commoditisers looms large. To support brokers to spark cyber conversations and sell cyber protection products, we’ve compiled a few of our top dos and don’ts:
position yourself as a knowledgeable and trusted adviser to clients, ensuring that they know that commercial policies don’t provide adequate cover for cyber risk.
assume that businesses have to be “online” or holding a lot of customer data to be vulnerable. Smaller businesses without dedicated IT teams are often easy targets.
embrace the shifting sands of the cyber scene, tailoring your conversations with clients to ensure that they get exactly the coverage that they need.
focus on solely selling insurance products, but risk mitigation too. Giving good advice on cyber risks will help to differentiate you from commoditisers.
offer a bespoke service: not all cyber insurance products are made equal – some, for example, are easier to train and explain, designed for smaller or less tech-savvy businesses.
A full year on from our launch on Acturis, we have reached some major milestones: in February, we partnered with global insurance broker and Fortune 500 firm Arthur J Gallagher and Co. to distribute CPP Secure across its 63 UK branches, while later the same month, the policy was awarded most “Innovative Product” at the Yorkshire Finance Awards.
This anniversary marks a year of market-disrupting change in the cyber space for CPP Group UK. But we’re not stopping there! In the coming months, we’ll be announcing several exciting industry partnerships involving our cyber products, so make sure to stay tuned…
Key Events timeline
- CPP Secure launches on Acturis platform to its 20,000-strong broker community
- Insurance Age awards CPP’s cyber insurance a four-star rating
- CPP hosts event at The Gherkin, London, for leaders across the insurance and fintech spaces exploring the cyber risk landscape
- Partnership with major commercial insurance broker Gallagher to provide CPP Secure to small business clients of its UK Retail Division
- CPP Secure awarded “Innovative Product of the Year” at 2020 Yorkshire Financial Awards
- Group deal with SparkassenVersicherung (SV) to tackle online identity theft with OwlDetect, deploying the tech from CPP UK’s operations base in Leeds
- Enhancement of CPP Secure policy with the introduction of social engineering
One year on…
- Introduction of “bricking” to CPP Secure to cover hardware loss in case of cyberattack
- Leeds Digital Festival “Cyber made simple” webinar in collaboration with KYND