The Cyber Insurance Threat
Lloyds, the business insurance market, has announced a new requirement for all of its underwriter members to provide full detail of the potential financial exposure to cyber threats they have under current corporate insurance policies.
The market, which wrote gross premium of over £25bn in 2014, now recognises cyber threats to be a 'realistic disaster scenario'. There is a fear that many existing policies may be unclear in their coverage.
Lloyds' estimates that an average single attack on a large company costs about £800,000, but attacks can be far more expensive for the company and its insurers,and ultimately damaging for customers.
The clear implication is that Lloyds and its members will become far more focused on limiting their future exposure to a risk that can be difficult to assess but, at its most extreme, devastating for a company.
With the insurance market clamping down, you can guarantee that the need for companies to employ proactive network testing and assurance across their networks will continue to grow rapidly for the foreseeable future. This is not lost on the large accountancy firms which continue to expand their presences in cyber assurance as a more profitable long term strategy than traditional audit & tax.
M&A demand for leading consultancies in the UK market is already strong with both Pentura and Portcullis Computer Security acquired (by InteliSecure and Cisco respectively) in the last six months. The population of high quality targets with the right accreditations and reasonable scale is very limited and therefore we are seeing premium valuations. However, given the growing opportunity, a significant investment in cyber security expertise is likely to pay dividends for an acquirer.