Project Summary

Today, cyber insurance mostly covers security risks like data breaches or ransomware, but it misses a big threat: privacy risks (e.g., misusing customer data, ignoring GDPR rules, or collecting too much sensitive information). This means insurers and businesses alike are blindsided by fines, reputational harm, and unexpected costs. 

Our project fixes this by adapting AI technology (developed within the EPSRC-funded AGENCY project) to score privacy risks for cyber insurance. We will work directly with insurers (like Somerset Bridge Group) and banks to design tools that combine privacy scores with traditional security checks, making risk assessments fairer and more accurate. 

These tools will help insurers set accurate premiums, businesses pay risk-aligned costs, and strengthen the UK’s cyber insurance resilience. Key outputs will be shared via UKFin+ for wider industry adoption. 

Partner Organisation