GDPR driving adoption of cyber insurance in the UK

Press release header image: cyber symposium hero imageToday we are releasing findings from a survey conducted at the 2017 London Market Cyber Symposium last month*.

When asked whether they were seeing more demand for cyber insurance as a direct result of the incoming EU General Data Protection Regulation (GDPR), an overwhelming 80% of survey respondents agreed.

Respondents to the survey at last year’s event cited the incoming GDPR regulation as an element likely to drive up the demand for cyber insurance in 2017.

Graeme Newman, Chief Innovation Officer at CFC, explained: “Under the GDPR there will be a requirement that businesses have an incident response plan in place and must notify any data breach no later than 72 hours of becoming aware of the event. To do this, businesses are going to need access to a whole raft of specialists and that’s going to have a disproportionate effect on SMEs who are unlikely to have this level of capability in-house. They could find themselves scrambling for help and possibly face missing the cut off, thus exposing themselves to breaching the new rules.

“I think that there is a greater realisation as GDPR looms ever closer that cyber insurance can offer a valuable lifeline. As well as protecting them against the emerging threats of the digital age, the right provider will give insureds instant access to carefully selected specialists who can guide them every step of the way from creating an incident response plan to dealing with a cyber attack.”

* The survey was conducted on 23rd November at the 2017 Cyber Symposium in London, UK. Hosted by CFC Underwriting, the event was attended by over 200 representatives from the insurance industry.

CFC appoints Neil Beaton to build new financial institutions practice

CFC appoints Neil Beaton to build new financial institutions practiceCFC is proud to announce the appointment of Neil Beaton to build a new team focused on developing a suite of products for financial institutions.

Prior to joining CFC, Neil was Head of Financial Lines at Newline Group. He brings extensive experience of underwriting all types of financial institutions across a range of jurisdictions including the UK, Europe, the US, Asia Pacific and Australasia.

CFC Chief Underwriting Officer, Andrew Holmes, comments: “The look and feel of financial institutions is changing as they utilise more and more technology in their core operations. This evolution presents financial institutions with a new range of exposures which we believe the insurance market is not adequately addressing, whether that is a product designed for the new breed of Fintech companies or a crime proposition which properly caters for the way crime against financial institutions is committed in 2017. With CFC’s expertise in cyber and technology allied to Neil’s extensive experience of insuring financial institutions, we believe there is an exciting opportunity to bring a modern and relevant product set to this market.

“Neil is regarded in the London Market as a highly experienced financial institutions underwriter with a track record of sourcing and writing profitable business. I am delighted that we have attracted someone of his stature and skillset to create a suite of modern, market-leading products that will challenge the status quo of the financial institutions market.”

CFC partners with CyberScout to provide identity management services

CFC partners with CyberScout to provide identity management servicesWe’re pleased to announce that we’ve partnered with CyberScout™, identity management and data theft service experts, to offer innovative, best-in-class cyber support services to our customers internationally.

“Cyber risk has become a fact of life for every organisation in today’s connected world,” said Anthony Hess, Head of Incident Response at CFC. “As cyber crime becomes more complex and sophisticated, partner network providers like CyberScout can round out in-house capabilities with their own expertise, and can offer innovative, high-quality services on a global scale.”

CyberScout provides CFC customers with help in three areas: identity theft remediation, consumer notification and cyber fraud monitoring. Our customers now have the option of direct access to CyberScout’s highly experienced fraud specialists. In annual customer surveys, CyberScout earns 99% satisfaction ratings, year after year. These services complement our current offerings which include a wide range of internal and partner-provided risk management services as well as our in-house incident response team, which is activated by an award-winning cyber incident response app 24 hours a day, 7 days a week.

“With this partnership, CyberScout looks forward to collaborating with CFC Underwriting and its underwriters in the London Market,” said Tom Spier, CyberScout’s International Director of Business Development. “Already CyberScout offers its services to millions of consumers in partnership with 16 of the top 20 U.S. property and casualty insurance carriers, and six of the top seven Canadian insurers, as well as global Lloyd’s Syndicates.”

Half of UK SMEs claim their broker fails to discuss cyber

Image of contract being signed by two peopleOur new research revealed that over a half of UK based SMEs (50.8%) say that their insurance broker has not raised the issue of cyber insurance with them.

Graeme Newman, Chief Innovation Officer at CFC, said: “This figure is quite shocking particularly when you put some context around it. 90% of our cyber claims come from businesses with less than £50 million in revenue and we get more than one claim every single day. This shows just how vulnerable SMEs are to cyber attacks. I think it sadly demonstrates that cyber insurance is still well outside the comfort zone of many brokers who are providing their clients with a wide range of commercial covers. However, the research shows that there is also a gulf in awareness amongst SMEs themselves as to the very real threat that cyber crime poses.”

Despite the fact that cyber offences now account for over half of all crime in the country, when SMEs were asked what poses the biggest threat to their business, cyber crime failed to top the list and a fifth claimed that they had never even assessed their business exposure to cyber risk. More than half (56%) do not have an incident response plan in place outlining roles and responsibilities in the event of a cyber attack.

Newman concluded: “The insurance industry should be doing more to raise awareness amongst SMEs that this is just as significant a risk as others that a business faces. In order to do that, we need to drop the hype and confusing rhetoric and provide our clients with clear facts and a crisp explanation of what cyber risk is actually about. With major changes to UK data protection legislation on the horizon, it is more important than ever that brokers put this on the agenda to ensure that their clients have the right cover in place to protect their business.”

CFC launches revamped cyber proposition

CFC launches revamped cyber propositionToday we are pleased to announce the launch of our revamped cyber insurance product. In what represents a significant upgrade to our existing cyber proposition, the new look product provides a number of innovative cover elements to protect policyholders against the emerging threats of the digital age. This includes the provision of first party cover on an “each and every claim” basis, ensuring that policyholders aren’t restricted by a policy aggregate and that the full benefits of cover are available each time a crisis strikes, even if they experience multiple cyber incidents in the same policy period.

The policy is also one of the very few to offer full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if it first occurred long before. Symantec has reported that the average time to discover a breach is 205 days, making this a particularly important feature.

Our Cyber Product Leader, James Burns, says: “No modern business can escape cyber risk, but as cyber criminals have become more sophisticated and as we live in an increasingly connected world, the nature of cyber incidents is changing. Insurance policies have to evolve to reflect the changing environment. We have completely reconstructed our proposition and now offer policyholders more than just a comprehensively worded policy, but rather an all-encompassing cyber incident solution.”

He continues: “We’ve built an extensive in-house incident response capability to ensure that cyber incidents are dealt with quickly and efficiently in real time. And because we want to encourage engagement with our experts as soon as possible for a swift resolution, we’re offering initial response services with no deductible payable by the insured.”

Our new proposition also provides broader cover for senior executive officers who are regularly targeted in cyber attacks, covering theft of personal funds of individuals as well as those of the company. And if a suit is brought against directors and officers following a cyber attack, our policy provides affirmative cover in the event that their management liability policy doesn’t respond.

The product suite includes comprehensive computer crime cover, system repair costs and incident response costs in addition to the limit.

Expert views at the fourth annual Cyber Symposium

Expert views at the fourth annual Cyber SymposiumThe 2016 Cyber Symposium held at a new location on the edge of the City was our most successful one yet.

Over 150 of our partners and peers in the London market came together to hear the views on the cyber insurance market from two distinguished industry speakers – Lloyd’s Chief Executive Officer Inga Beale and Pool Re Chief Executive, Julian Enoizi. We were also delighted to welcome Ciaran Martin – Chief Executive of the newly created National Cyber Security Centre, part of GCHQ – on to the panel to provide us with insight into the new organisation.

Inga concentrated on the ongoing debate as to whether the (re)insurance industry should be handing over cyber catastrophe risks to the state. While she acknowledged that the industry would not be able to cope with “mega risks”, she was crystal clear in her view that it can handle the vast majority of smaller ones. Work being done at Lloyd’s right now suggests that cyber exposures at syndicates are currently no bigger than some of the other risks the market takes on.

She also dismissed the idea of compulsory cyber insurance for businesses, saying it was a “blunt instrument”. In her view it would be far better to make companies disclose the robustness of their cyber security – and if they decide they need cyber insurance, then so much the better.

Highlighting the ”gulf” in existing insurance coverage around property damage arising from cyber risks, Julian pointed to several cyber attacks that resulted in physical damage to infrastructure. He confirmed that Pool Re is exploring expanding its terrorism remit to include property damage as a result of cyber terrorism – and in his view this would happen in 2017.

He reassured guests that Pool Re was supporting rather than trying to supplant the private market and that he believed that public-private partnership represented the way forward when it comes to systemic cyber exposure. His proposed model would take catastrophic risk away from the private market which would then encourage (re)insurers to put shareholder capital at risk knowing that they wouldn’t have to worry about systemic catastrophic risk.

In talking about the objectives of the new National Cyber Security Centre, Ciaran Martin said that there was a real need to “demystify” cyber security saying that a lot of it is pretty basic. In his view, there hasn’t been enough done to educate people about the risks of today’s tech-driven environment and that this is essential to improving the wider cyber infrastructure.

He also felt that government, media and industry each had a role to play by stopping the characterisation of cyber attacks as clever or sophisticated – the vast majority simply aren’t.

Ciaran believes that the cyber environment needs to mature to provide more evidence and data to help develop government policy as well as help our industry. He endorsed the point that no-one wants to nationalise risk, saying that the government and GCHQ have both been “adamant” on this in the past. Rather, he sees the need to encourage calm, rational dialogue between all parties so that eventually cyber risk is perceived as “normal” rather than catastrophic.

We’ll be sharing videos of each of our panelist’s presentations over the next few days and in the meantime, we’re already planning how we can top this year’s event in 2017!

Cyber rankings survey puts CFC on top

Cyber rankings survey puts CFC on topWe’re pleased to announce that CFC has topped the recent Cyber Rankings Survey conducted by The Insurance Insider.

Reviewing the merits of London’s cyber brokers and underwriters and conducted by independent and experienced research staff, CFC dominated the rankings with its staff taking the top three positions for underwriters. Graeme Newman and Andy Hall came in third and second place, respectively, with Alex Jomaa taking the top spot with 10 percent of broker respondents ranking him as best-in-class. Overall, five CFC underwriters placed in the top 10.

The survey measured a number of attributes including work ethic, creativity, technical knowledge, negotiating skills and communications skills.

JLT’s Jack Lyons, Paragon’s William Wright, and Tom Quy from Miller took the top three broker spots.

If you’d like full access to the survey data, contact The Insurance Insider’s commercial director Spencer Halladey. Or, to view the full story in the Insurance Insider, click here.

CFC is double winner at the 2016 Commercial Insurance Awards

CFC double winner at 2016 CIR AwardsWe are incredibly proud to announce that CFC Underwriting was named Digital/Cyber Risk Insurance Provider of the Year at the Commercial Insurance Awards hosted by CIR Magazine in London last night.

We also went on to win the ultimate accolade of the evening, being named the Overall Winner.

Now in their third year, the Commercial Insurance Awards are the showcase for excellence within commercial insurance. In winning the Digital/Cyber Risk Insurance Provider of the Year category, CFC was recognised for having delivered the best digital risk offering in the market over the last year.

CFC’s Cyber Practice Leader, Vicky Paxton, says: “The cyber team is overwhelmed to have won this award. We’ve made a huge investment in cyber this year and it’s been a real team effort across products, claims, marketing and underwriting. To have been recognised by the judges for setting the standard in this vital area of coverage is testament to the passion our company has for this emerging class of insurance. We are incredibly proud and it will spur us on to continue to drive forward its development and innovation.”

CFC announces US cyber insurance roadshow

CFC announces US cyber insurance roadshowLondon-based cyber insurance specialist, CFC Underwriting, has announced that its cyber team will be on tour in the US from the 7th through the 10th March.

The team will be holding four interactive sessions with brokers in San Francisco, Chicago, Atlanta and New York. Running from 9.00 am to 11.30 am each session will delve into cyber crime, emerging security threats, policy trends, and the CFC approach to cyber insurance and will close with an interactive Q&A allowing brokers to put their questions to the CFC experts. Sessions will also include a breakout to discuss non-physical perils and intangible assets.

CFC’s Cyber Practice Leader, Vicky Paxton, says: “The CFC cyber team is back in the US by popular demand! We hit the road last year and received great feedback from all the brokers we met. We’re looking forward to sharing our thoughts on how the cyber market is developing and answer as many questions as possible from old friends and new faces.”

Spaces are strictly limited at all venues and brokers can reserve a place on a first come, first served basis by contacting Georgia Harris at

Monday March 7th – Hotel Adagio, San Francisco
Tuesday March 8th – Sofitel Water Tower, Chicago
Wednesday March 9th – Glenn Hotel, Atlanta
Thursday March 10th – Langham Place, New York

CFC to provide Cyber Essentials certification

CFC to provide Cyber Essentials certification28 Sep 15: Specialist lines underwriting agency CFC today announces that it will be providing its clients with the opportunity to obtain Cyber Essentials certification free of charge through its newly launched cyber portal.

Cyber Essentials is a UK Government backed and industry supported scheme that guides and encourages businesses, universities, charities and public sector organisations to focus on basic cyber hygiene to protect themselves from the most common cyber threats. It aims to help organisations implement basic levels of protection against cyber attack, assessing themselves against five basic security controls, testing that they work and obtaining independent verification.

CFC has partnered with Cyber Essentials accreditation body IASME to build this certification into its cyber product suite. IASME also offers its own governance standard developed specifically to be achievable for SMEs as an alternative to ISO27001.

CFC’s Cyber Practice Leader, Vicky Paxton, says: “We are passionate about helping our clients get to grips with cyber risks, particularly as governments such as that in the UK and major organisations are increasingly mandating their partners demonstrate that they have basic levels of cyber protection in place. We believe that providing our clients with easy to understand educational tools is essential to helping them adopt cyber security best practice and support the future success of their businesses.”

Emma Philpott, CEO at IASME, comments: “After seeing an increasing number of companies improve their security by going through the Cyber Essentials process, it is fantastic news that CFC are giving their clients this opportunity free of charge. Now that Cyber Essentials certification is seen as a competitive advantage in many tenders, CFC is helping their clients be both more secure and more competitive.”