Skip to main content

Cyber-insurance 'vital', but businesses aren't taking it

Businesses in the UK and Europe consider their cyber-security and data 'vital' to maintaining a healthy organisation, but the majority are not doing enough to protect themselves, a new report suggests.

The Risk:Value report, released by information security and risk management company NTT Com, polled 1,000 non-IT business decision makers in the UK, US, Germany, France, Sweden, Norway and Switzerland.

According to the report, just 41 per cent of companies are covered for both cyber-attacks and data loss. To make things worse, 12 per cent have no insurance cover at all, for either of the two happening.

This really is a big deal – companies have confirmed that the number of cyber-attacks is on the rise, and in average, a data breach can cost a UK business £1.2 million (usually around $1 million worldwide).

When it comes to insurance policies for data and privacy breaches, 35 per cent of companies currently see the need to get one, but another 43 per cent are thinking about it.

The report also says that US businesses have more foresight for the issue, with 51 per cent reporting having such insurance, compared to just 26 per cent in the UK.

Wholesale organisations are most likely to grab a dedicated cyber-security insurance (43 per cent), followed by business and professional services (also 43 per cent), and utilities companies (39 per cent).

“Faced with risks every day, it’s easy for organisations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” says Garry Sidaway, SVP Security Strategy & Alliances, NTT Com Security. “Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but ensure that you can demonstrate that you have put controls in place to reduce your risks, and, what these controls cover – this way you know what is being insured. Being able to demonstrate that these controls are being tested and monitored is essential. Insurers need to know what they are insuring and the controls put in place to protect assets – this is the only way they can agree on cover.”

Photo credit: Kletr / Shutterstock