OREANDA-NEWS. The "UK cyber security" report, published today under a joint initiative between the UK government and the insurance sector, underlines Fitch Ratings' view that there is a key role for the insurance industry in addressing and mitigating cyber risks.

Cyber insurance is a key growth opportunity for the global (re)insurance industry, as we argued in our report, "The Rise of Cyber Insurance", published on 19 March. Governments will also inevitably have an increasing role to play in the prevention and indemnification of global cyber attacks. The UK cyber security report is itself an important example of such government involvement.

The infancy of the cyber insurance market provides growth opportunities. The report found that just 2% of large firms have explicit cyber cover, with coverage dropping close to zero for smaller firms. This is despite the significant growth in cyber insurance premiums written in recent years. We also believe it is only a question of time before cyber insurance enters the personal lines market, either as a standalone policy or an add-on to existing personal household or property insurance products.

But cyber risk could cause significant losses due to substantial aggregation risk and the increasing sophistication of cyber attacks. Losses could come from several products including standard commercial liability policies, business interruption, and professional liability. In addition, consequences such as loss of reputation and other intangible damage can be very difficult to measure. This makes pricing very difficult using traditional actuarial methods, especially as loss data and underwriting profitability for cyber risks remain relatively opaque.

In our view, governments will play an increasing role by enhancing legislation, for example regarding data protection, and increasing cyber risk awareness and management. As the size of aggregate cyber risk pool grows, further government initiatives are likely to develop as they have done in other sectors, such as flood risk.

Increased legislation is likely to increase demand for cyber insurance. New data protection laws being finalised in the EU will include the obligation for companies to notify customers if a security breach has been detected. This raises awareness of cyber risks and also means companies are likely to try to reduce breaches by continually upgrading cyber risk management, including using insurance products.