UK firms are lacking on cybersecurity insurance

null

Awareness of the need for having cybersecurity insurance is growing among UK companies, but there’s still a big problem to it – this insurance doesn’t cover all risks.

This is according to a new report by Ovum and FICO, which says the number of UK firms with insurance against cybersecurity incidents has risen in the last 12 months. The number of UK companies without such insurance dropped from 31 per cent last year, to 10 per cent this year, beating the average of the other 11 countries polled (24 per cent).

But less than one in four (38 per cent) have said that their cybersecurity insurance covers all risks.

Among those companies that have no insurance at all, telecommunications firms lead the charge with 17 per cent. On the other end of the spectrum are financial services firms with just five per cent.

Insurers are basing their premiums on an accurate analysis of the company’s risk profile, it was said, with most firms claiming premiums are being based on inaccurate data, industry averages or ‘unknown factors’.

“Cybersecurity insurance has become a must-have for UK firms in a short period of time,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “But with that growth will come increased pressure on insurers to increase the transparency and fairness around how premiums are set. Businesses will demand that their investments in cybersecurity protection — and the strength of their cybersecurity posture — drive their premiums down.”

 “Although UK organisations perform well in terms of the uptake of cyber insurance, the fact that fewer than 40 per cent have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance,” said Maxine Holt, research director at Ovum. “It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 90 per cent of UK organisations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially.”

You can find more details about the report, which was based on a poll of 500 senior executives from the IT sector, on this link.

Image source: Shutterstock/deepadesigns