Research finds flaws in cyber insurance policies

The majority of cyber insurance policies on the market are marred by “significant flaws” which could result in firms missing out on compensation if they fall victim to a data breach or hacking attempt, according to a new study.

Research conducted by insurance governance firm Mactavish reviewed the cover provided by 30 major cyber insurance policies in the UK and found that as the market is in its infancy, very few claims had been made to date.

However, it predicted that many claims made in the event of a breach or cyber attack are likely to be disputed and that settlements could be much lower than clients expected.

The report identified seven major flaws that were common to the majority of policies, including the risk that cover is limited to events triggered by external attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions.

Payouts related to data breaches could also be limited to cover only minimal costs, the report found, and cover related to IT systems interruption could be limited to the brief period of disruption, rather than the more significant knock-on impact on revenue as a result of an outage.

There were also complexities related to cover for outsourcing, contractors, software and systems still in development, as well as onerous notification and claims requirements.

Bruce Hepburn, chief executive of Mactavish, said that despite a rise in the number of cyber insurance policies being launched to keep up with the spread of cyber incidents in business, the market remained “very immature and in many respects untested”.

He warned: “Perhaps some of these policies have been rushed to market by insurers eager to capitalise on the growing cyber risks facing organisations, and their desire to spend significant amounts of money to protect themselves against this.”
