The cost of cyber crime and data breaches has been the focus of many a survey and research paper and, alongside high-profile attacks like WannaCry which crippled the NHS, many would assume that businesses have taken steps to protect against the risk of attack – but that’s the thing with assumptions, they can be wrong.
A survey carried out by FICO and Ovum has revealed that 31% of UK executives said that their firm has no cybersecurity insurance. A paltry 28% of UK firms surveyed have cybersecurity insurance that covers all risks – with GDPR just a mere year away, this low number should act as a call to action for many execs.
“The UK will soon be subject to General Data Protection Regulation (GDPR), which introduces higher fines in cases of data breach,” said Steve Hadaway, FICO general manager for EMEA.
“Even if attacks don’t increase in volume, firms could end up paying more, which makes having comprehensive insurance more important. At the same time, companies have a right to expect that they will pay less if their protection is better. The onus is on the cybersecurity insurance industry to make sure insurance rates are fairly set for each individual firm, based on a sound analysis of its risk.”
Mr Hadaway’s sentiments regarding insurance rates were also shared by security execs at the 350 companies surveyed by FICO and Ovum. Even though the majority of firms surveyed have cybersecurity insurance, most say that the risk assessment process insurers use needs improvement. Just 31% of respondents think their premiums reflect an accurate assessment of their risk. Nearly as many, 29%, said they don’t believe the assessment accurately reflects their risk, and 11% said they don’t know how their insurance is priced.
Although there is a low number of firms protected from all cyber risks, more and more businesses have rushed to get protection in the wake of high-profile attacks. Earlier this year, CFC Underwriting said that the ‘fear factor’ of a costly cyber attack has driven UK adoption of cyber insurance up a huge 50% in 2016, making cyber insurance one of the fastest growing lines of insurance in the world.
Inga Beale, CEO at Lloyd’s, who spoke at the 2016 Cyber Symposium said: “There is a huge exposure out there for businesses and there is still a certain complacency amongst them that they have it under control. At Lloyd’s we are seeing huge cyber insurance uptake, and last year we introduced 15 different types of cover just for cyber, in anticipation of this demand rising in 2017.”