CFC Summit: Your burning cyber questions, answered

At this year’s UK CFC Summit, our audience put forward their burning questions to our cyber panel in an ‘ask us anything’ session. Here are key bits of knowledge our experts had to share.

Cyber Article 1 min Wed, Nov 22, 2023

A standout at this year’s UK CFC Summit, our cyber panel was on hand to answer the most pressing cyber questions of the day, as posed by our audience.

Read on for expert insights from Phillipa Berry, Cyber Product Leader, Ashley Burdon, Cyber Claims Manager, Bob Scott-Kerr, Cyber Incident Manager and James Burns, Head of Cyber Strategy.

  1. As a broker who doesn’t work in cyber, I’m keen to grow cross-class business. Do certain industries lack awareness of their cyber risk, and are they under-protected?

    Rather than being industry-specific, our data shows that governance is key in determining whether a business understands and mitigates its cyber risk. 

    If you tried to sell a cyber policy to a chief information security officer ten years ago, they might take the pitch as an accusation that they can’t do their jobs. That’s now changed, with most businesses today recognizing cyber as a corporate risk. But there’s still a perception gap. For example, businesses that outsource their IT infrastructure may claim they have no cyber risk, when in fact cyber insurance is vital for any business that uses computers. 

    It's all about education. We must better explain what impacts cyber risk and what that risk entails, and how the true value of cyber insurance isn’t the words in a policy but the proactive prevention services that come with them. Here are six things every successful cyber broker knows.

  2. Cyber claims and premiums are on the rise. If cybercriminals continue to become more disruptive, will cyber insurance still be a viable product?

    The rising level of cyber risk isn’t uninsurable. It’s just heightening the need for businesses to purchase cover.

    We’re investing heavily in our proactive prevention services, assembling the largest in-house team of cyber responders in market. Through vulnerability scanning, threat monitoring and real-time cyber attack prevention, we’re not just here to react when incidents occur but to stop them from happening in the first place. That’s all as part of a standalone cyber policy with CFC.

    By working with law enforcement organizations across the globe, we’re looking to reduce the frequency of claims and tackle cybercrime for society at large. Law enforcement is making great strides in the cyber world, but as cybercriminals continue to adapt, so must we.

  3. CFC is behind the idea of a cyber event declaration system. Who would be responsible for sitting on the cyber event body?

    The insurance market can push forward the initiative initially, as we're seeing the need for it firsthand. But the body for an industry-wide declaration system has to be independent. Otherwise, there would be a natural conflict. We can't have an insurer-owned body declaring events off the back of which major reinsurance contracts and payouts are based.

    That's why, on 1 January 2024, CFC is launching an independent cyber monitoring center, as we look to address the perennial challenge of systemic risk.

    We're looking at the type of model that charities use, where insurance providers can be members without anybody actually owning the body. The body has to be staffed by a technical committee; four or five individuals from a variety of backgrounds across law enforcement, cyber security and so on.

  4. Cyber attacks can delete data and backups, resulting in lost intellectual property (IP) for the business. Does CFC’s cyber policy respond to this loss?

    Different wordings cover IP loss in different ways. At CFC, we specifically cover the recreation of data, which differs massively to merely the recovery of IP.

    In a recent claim, an engineering firm fell victim to a cyber attack and lost a series of essential blueprints it used to pitch for new jobs. It transpired that the blueprints could not be recovered, but since the firm’s policy covered the recreation of data, extra resource was hired to recreate the blueprints from scratch. If the firm had a policy which just offered the recovery of IP, since the electronic files couldn’t be found, it would’ve been left with nothing.

    It’s difficult to value and measure the loss of IP, but the extent to which IP can be recreated is a different story. So read the fine print and ensure you go with the right policy. Find more about our cyber products here.

That’s just a snapshot of the burning questions and answers given in our ‘ask us anything’ session. See what else our cyber panel talked about by watching the on-demand recording (and view the CFC Summit North America session by toggling your domain region in the top right of this page).

Cyber questions still aflame in your mind? Our experts want to hear from you! Reach out at cybermarketing@cfc.com.