Assured Reacts: JLR Didn’t Have Cyber Insurance

We know what you’re expecting from us this week. It’s a cyber insurance broker’s dream, isn’t it? Headlines everywhere: “JLR failed to purchase cyber insurance”. This is the part where we chase that ambulance, shouting, “Don’t be the next JLR, secure a cyber insurance policy before the horse bolts”…Right?
That might be what you’re expecting. But it’s not what you’re going to get. Because frankly, that narrative is ill-advised and not worth the rooftop it’s shouted from.

Our very own CEO, Henry Green, states without hesitation that if he were the person responsible for JLR’s risk, he wouldn’t have invested in cyber insurance either. “Why the hell would they? The policy they were reportedly offered was for £30m cover (at the cost of £850k). They would have known that in an incident like this, they’d stand to lose £50 million a week. That cyber insurance policy wouldn’t have touched the sides. Any insurance manager asking for sign off on that would have been laughed out of the Board room.”

It seems like nobody has done the maths. If you consider the cost of that insurance policy and potential payout, versus the potential losses, you’ll very quickly come to the same conclusion we have. Even if JLR had signed off on the cyber insurance, its situation would be no less catastrophic. The insurance would have been completely immaterial.

“It’s apparent that they weren’t asked the right questions to quantify the risk and consequently weren’t presented with a policy that was worth the investment,” says Henry.

And that’s the problem with the conventional way that cyber insurance is approached by the general broker market. And that’s why we do things differently.

“For £300-500m cover, JLR would have been looking at a circa £5m premium with at least a £10m excess. £5m off your bottom line is no small cost. These numbers make for a far more rational approach from a risk transfer perspective, although their commercial viability would always be brought into question. In all honesty, we would expect a business of this size to self-insure up to a certain limit and only seek cover from the traditional insurance market for excess capacity should it be commercially feasible.”

So for now, we’ll park our white horse and let this opportunity for PR nirvana pass us by. And we encourage everyone to crunch the numbers before jumping on the opportunity to hang JLR out to dry.