London insurance market underprepared for cyber-attack

It was fascinating to read the results of Xchanging plc’s survey at the end of last year, which revealed that only one-third of insurers in the London Market believe their firm could withstand a major cyber-attack, and almost half felt they were underprepared, according to a survey conducted by the company.

Xchanging rightly points out that as holders of vast amounts of client data, insurers, like many other businesses, are vulnerable to attack by cyber criminals, and reports of data breaches – such as the hacking of broadband provider TalkTalk last year – are becoming increasingly regular occurrences. TalkTalk’s data breach is estimated (according to a recent interview with their CEO) to cost the company up to £35m in one-off costs.

While 36% of respondents to the survey – conducted at the Xchanging London Market Conference 2015 – said they ‘definitely’ have sufficient measures in place to withstand a major cyber-attack, 30% felt they are only partially protected, 16% said they are insufficiently protected, and 18% were unsure. For me unsure is an interesting state to be in following the media storm and the high profile incidents both within the UK and internationally over the past couple of years.

Adrian Guttridge, Executive Director of Xchanging Global Insurance Services, said: “The insurance industry is grappling with the extensive threat of cyber-attacks from an underwriting and risk management perspective and, in the absence of enough meaningful data, modelling the risks involved remains a grave challenge. As custodians of vast amounts of data, insurers are also aware that they, too, are vulnerable to cyber breaches – and the reputational damage that this can cause.”

Guttridge added: “The recent cyber-attack on TalkTalk is the latest in a lengthy list of high-profile hacks of personal data held by government and commercial organisations.”

As I outlined in a 2015 blog (How to avoid being the next TalkTalk of the town), implementing firewalls and other IT solutions is only part of the answer to fending off a cyber-attack. All walls can be scaled, so a more holistic approach is required to protect your business in an increasingly cyber-hostile environment.

In this environment insurers need to review their policies, processes and procedures and embed its approaches into everyday tasks that are performed. Without this approach it makes it difficult to maintain a high standard, or to be certain that the standard is being maintained. For the insurers these principles apply to their policyholders as well, and we encourage insurers to consider these simple aspects in their policies.

It is to be welcomed that a new committee of chief risk officers (CRO) set up by the Lloyd’s Market Association (LMA) will promote efficient operation and the very highest technical standards in risk management for Lloyd’s managing agents

As part of its programme, the committee will examine the evolving regulatory requirements for CROs, consider emerging risks such as cyber-attacks and champion best practice. The committee will also determine and define the skills and knowledge required to fulfil the CRO role within a Lloyd’s insurance business.

The committee’s formation is a response to the growing significance of the role of CRO in the Lloyd’s insurance market and comprises around 20 CROs drawn from across the Lloyd’s managing agency community.




Darren Wray's picture

Darren’s background is in strategic management of IT for organisations from start-up to multinational corporates. His experience encompasses a number of industry sectors, including financial services and media.

If you would like to contact , please Click Here and submit your enquiry and youTalk-insurance will pass your comments on.

Add new comment

Filtered HTML

  • Empty paragraph killer - multiple returns will not break the site's style.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd><p><br><h2><h3><h4><h5><h6><hr><img>
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text

Agree to terms

By posting a contribution to the youTalk-insurance blog you will be giving youTalk-insurance your full consent to post your contribution, should we choose to do so and you will be deemed to have given us a free licence on a perpetual basis to adapt, modify and incorporate your contribution. By posting to the youTalk-insurance website you are fully responsible for the accuracy, completeness, veracity, honesty, exactitude, factuality and politeness of comments you make. All contributions to youTalk-insurance must not contain anything that is unlawful, offensive, abusive, threatening, defamatory, obscene or discriminatory nor shall it infringe the rights of anyone else.