Only 2% of business are properly insuring for Cyber Risks

CBI Cyber Conference

That is the shocking conclusion from the panel session held at the recent CBI Cyber Security Conference.

The panel session was chaired by Matthew Fell, Policy Director, CBI and included Giles Smith, Deputy Director Cyber Security and Resilence from DCMS and Steven Wares, Head of Cyber Practice, EMEA, Marsh. London, June 2015.

You can listen to the discussion by clicking the link below:


Listen to ‘Cyber insurance: What do you need to consider when assuring your assets?’



Despite the attention on Cyber Risk over the past few years it is clear there is much more that needs done if business is to start balancing the risk faced. While progress is being made, it still seems as though there is still reluctance by many to see cyber as a real risk to the business.  

Risk managers often find it difficult to connect or understand the subject and many IT professionals continue to see the issues raised as principally an IT issue with few are actively engaging with their risk teams to build a balanced approach.  With most organizations now dependent on technology a cyber issue can cripple operations or expose the organization  to liabilities from regulators and other stake holders.

Of course, the majority of businesses across the UK do not have risk teams and IT resources can often be rather limited. This presents real challenges for millions of SME organizations who are generally failing to appreciate the scale of the issue or the costs they can be exposed to during a cyber event.  For these firms, assessing and addressing their cyber risk exposure is critical.  Failure to do so could mean not only the loss of trust with valuable customers, but a scale of disruption and increased costs that can quickly jeopardize their very existence.

Even by applying good basic measures, such as the governments Cyber Essentials Scheme, firms may find they lack the resources to respond and cope with an incident when the expertise and time needed comes with quite a price!   

A well structured approach  to prevent and mitigate the threat from Cyber, combined with a well thought through Insurance policy, can dramatically change outcomes and help deliver not only an enhanced capability, but also help build competitive advantage. If you'd like to know more about how you can build an effective approach to Cyber Risk Management check out the CRIF Framework on our resources pages.