Cyber insurance can’t replace cyber security, APM warns

Cyber insurance has become a big deal in the UK, but it’s no substitute for good cyber security.

APM Group has warned that cyber insurance and cyber security must go hand in hand in order for both to be effective.

Lloyd’s of London has reported a surge in the number of companies seeking cyber insurance in 2015, as they look to safeguard themselves against the impact of cyber security breaches. According to the insurer, the market for cyber insurance experienced a 50 per cent increase in insurance submissions during the first three months of 2015, compared to the same period in 2014.

As we reported earlier, the government is working on raising awareness among small and medium enterprises of the dangers of not being insured in case of a cyber-attack, but secure infrastructure provider Databarracks says having proper backup and disaster recovery plans set up is equally important.

The government issued a report recently, stating that only two per cent of the UK’s large companies are insured in case of an attack. This is despite the fact that 81 per cent of companies suffered some form of breach in the past 12 months.

Richard Pharro, CEO of APM Group, commented: “The surge in cyber insurance uptake underlines the attention cyber risk is now getting in the boardroom and a greater understanding of cyber security issues across British industry. There is an expectation the cyber-insurance market is set to grow significantly throughout 2015 and beyond. In principle, the growth of cyber security insurance is very welcome, especially if it grows alongside better corporate risk mitigation strategies, to avoid it offering a false sense of security.”

Pharro also said many companies are superficial and sloppy when it comes to cyber security: “Some firms have taken strides towards cyber security but often fail to cover all aspects of the threat,” he said.

“The old adage that prevention is better than a cure may be a simplistic way to encapsulate the issue, but it does provide a lens for a firm to consider their cyber risks. Undoubtedly, security begins with self-education, and by qualifying your company’s current capabilities and resilience to protect against cyber-risks. The first port of call for any cyber-aware firm needs to be a strict and dynamic cyber security strategy and this strategy should be underpinned by appropriate insurance,” Pharro concluded.