Do Consumers Really Want Cyber Cover?

Last month, cyber research from Consumer Intelligence was published in POST magazine. 

While the market and the media understandably focus on the vulnerability of businesses to cyber attack, the consumer appetite for protection remains far more uncertain, despite over one in three people (37%) suffering a cyber-related breach, and 22% of victims experiencing more than three.

We tested consumer experiences and attitudes to a range of cyber-related products including data protection, data recovery and cyber-bullying. We found two broad themes: First, they are far from certain about the benefits of cyber protection — or more specifically, cyber protection as provided by insurers. Second, being a victim does not seem to materially change attitudes or appetite.

"Either consumers do not trust insurers outright (something we often talk about), or do not trust insurers to get the job done in this new, relatively untested area where blue chip technology brands hold more experience and sway."

50% of cyber victims (and 31% of those unaffected) said they would be interested in cyber products, and 51% and 35% of these two groups also said they would be willing to pay for it. While this suggests a commercial opportunity, there is also a significant associated challenge: some consumers would prefer solutions to come from outside the sector. Victims, in fact, were twice as likely to opt for a new or insurtech proposition compared to those who have so far eluded cyber criminals (19% vs. 10%).

This suggests either consumers do not trust insurers outright (something we often talk about), or do not trust insurers to get the job done in this new, relatively untested area where blue chip technology brands hold more experience and sway.

This kind of reticence could also explain why the majority of insurers say they currently do not intend to create cyber-related products for the mass consumer market. Consumers are either unaware that they need it; unaware it exists in the first place; or are aware, but perhaps do not feel it is something that can be guarded against. 80% of victims said they were more careful following a cyber attack — and yet 51% of them have been attacked at least twice.

Even those who have been directly impacted are far from emphatic. We found that victims are twice as likely to buy cyber cover within the next two years. However, this still only accounts for a quarter of that segment (26%), and 17% of consumers overall. Over time that proportion rises — the assumption being that the threat, and the products to meet it, will become much more tangible. Ultimately, though, the majority of consumers say they don’t know or will never purchase a cyber policy of any kind.

When will you buy a cyber product?

Expert View — Stuart Peters, Head of Consumer Research

Looking at the appeal of cyber products, and consumers as a whole, one third are not interested; another third are ambivalent, and the remaining third are curious. This appeal is unsurprisingly higher for those who have been directly affected, but perhaps less so than we might expect.

Cyber gets a lot of airtime, but the reality is that most consumers — even those impacted — are not particularly engaged. Do they even perceive an issue?

Shifting consumer behaviour is always difficult and this research suggests further investigation is necessary to really understand what cyber means to people, what the risks are, and to take that forward to build a proposition that is customer facing rather than shoe-horning additional cover into existing products; that runs the risk of not only being confusing, but doesn't necessarily provide the peace of mind that is required.

Insurers need to properly test ideas to ensure they build a proposition that truly resonates with their potential market. This will come, of course, from talking to the victims: informing what not only what needs to be covered, but also shaping the optimal marketing message to build awareness and appetite, which is particularly important in an emerging and intangible market such as this.

"Though insurers are increasingly dipping their toes into the water, mass adoption still seems a long way off."

An example of the disconnect is the relatively low interest in cyber-bullying protection. There may be a lot of noise about this in the media but my sense is this is a social issue and, therefore, not something you can easily insure against. It’s about social responsibility first, insurance second.

Though insurers are increasingly dipping their toes into the water, mass adoption still seems a long way off. The good news for the industry is that the established players are largely endorsed. It’s probably a bit of chicken and egg: it's a vague concept so, for those who do want, they are likely to go to one of the main brands.

However, we also found that consumers were scarcely no more likely to take out cyber cover with a traditional carrier, whether they had suffered a cyber attack or not. Victims showed a greater willingness instead to try newer carriers, which could spell good news for the digital disruptors — where a product like this is a good fit. The question is, when push comes to shove, will established brand power or the tech savvy startup carry the day?

What kind of cyber attack have you suffered?*

*Victims only