Business Interruption

From Data Breaches to Business Continuity: Evolving Cyber Security for Insurers

Key Findings

The vast majority of UK insurers (82%) have implemented enhanced cyber security measures to combat the increasing severity of cyber events.
Nearly half of global and one-third of UK insurers identify data and cyber security risks as the most common challenge faced by businesses in the insurance landscape.
Over 80% of UK insurers have strengthened data security and privacy protocols to prevent improper data loss.

Cyber security in business resilience

Global business operations rely heavily on digital technologies and interconnected systems, making robust cyber security measures essential to business continuity. As the volume of data stored in cloud environments continues to grow, many insurers are navigating how to harness these technologies effectively while ensuring sensitive information remains secure.

In the last 12 months, cyber security risks have become one of the most significant challenges facing businesses. Nearly half of global (44%) and one-third of UK insurers (33%) identified data and cyber security risks as their primary overall concern in GB’s survey. This underscores the increasing urgency to address vulnerabilities that could result in operational disruptions, reputational damage, or financial losses.

A global IT crisis

In July 2024, a cyber security incident involving a major technology company disrupted industries worldwide. A flawed security software update resulted in a massive IT outage, impacting business operations ranging from airlines to hospitals. Experts considered it ‘the largest IT outage in history’,^[¹ ^] as businesses faced cascading operational challenges, from cancelled flights and delayed medical services to interrupted supply chains.

The incident underscored the critical importance of robust cyber security measures and the risks associated with deploying updates in mission-critical environments. For many, it served as a stark reminder of how business interruption caused by cyber events can amplify operational costs, erode customer trust, and create legal liabilities.

Our survey findings reflect this heightened awareness, with 84% of global and 82% of UK insurers implementing enhanced cyber security measures to address the rising frequency and severity of cyber events. These proactive steps demonstrate an industry-wide focus on mitigating future risks.

Strategic responses to evolving cyber threats

The implications of cyber security risks extend far beyond data breaches. From legal liabilities to prolonged business interruptions, the fallout of a cyber event can be severe. For insurers, who manage vast amounts of sensitive customer data, the stakes are particularly high. These challenges highlight a broader industry acknowledgement that building resilience against cyber threats demands a multifaceted approach.

Larger corporates are increasingly adopting robust protection measures and developing a deeper understanding of the risks and the need for adequate coverage. However, in the UK, the small and medium enterprises sector still lags in comprehending the full scope of cyber security risks and their potential impacts. This lack of awareness extends across policy coverage — for instance, while a cyber event may occur, businesses often lack the necessary coverage to recover from the financial losses incurred. Addressing this gap is serious, as the complexity of cyber risks requires customised solutions that align with the specific needs of different sectors.

Consequently, 82% of UK insurers have introduced stricter data security and privacy protocols into their risk management strategies, aiming to protect against improper data release. Furthermore, 71% of UK insurers

have implemented stricter data-sharing protocols in their strategies, ensuring that sensitive information is handled securely at every stage.

Managing risks through vendor relationships

Managing vendor relationships is a crucial component of safeguarding data and privacy. Globally, nearly two-thirds (61%) of surveyed insurers now focus on regular vendor audits and assessments in response to the prevalence of cyber events, while in the UK, over three-quarters (76%) of the respondents have also taken similar steps. This strategic shift signals a growing focus on securing the supply chain as an extension of internal operations.

By strengthening vendor relationships and enforcing higher security standards, insurers are reducing the potential for business disruptions originating from third-party partners. This holistic approach highlights the importance of a secure, well-managed ecosystem in maintaining operational continuity.

^{[1]Thornton, Kathleen. “}^{CrowdStrike Incident: What Happened and How Can We Learn from it}^{,” University of Maryland Global Campus, 19 Aug 2024.}