Two-thirds of UK firms don’t have cyber security insurance
A new report has found that many UK businesses do not have sufficient protection in the event of security breaches or data loss.
According to the Risk:Value report from NTT Security, just one-third of UK organisations have insurance that covers them for a security breach and for the financial impact of data loss - despite the fact that 81% of business leaders agree that it is “vital” that their organisation is insured against information security breaches.
Kai Grunwitz, senior vp EMEA at NTT Security, said: “With estimated annual losses from cyber crime now topping £291bn according to the Center for Strategic and International Studies, you would hope more organisations would be beating a path to insurers’ doors. But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it’s an issue that many senior decision-makers are not on top of.”
The report’s findings also show that 45% of business leaders don’t even know what their company insurance covers them for.
While 63% of respondents in the UK say they have an incident response plan in place, and another 18% are in the process of implementing one, 38% agree that lack of an incident response plan could or would also invalidate their company insurance.
Half of those polled said that the failure to maintain or apply updates to existing IT systems would or could invalidate their company insurance, while 37% point to lack of compliance with industry regulations, including GDPR.
Incident response is a basic requirement of best practice security and is even more important with the GDPR mandating 72-hour notifications following a breach.
Grunwitz said: “While cyber risk insurance should be put in place to help mitigate the potential fallout of a data security breach, a policy must not be seen as a ‘get out of jail free’ card. Cyber insurance must be complementary to an effective risk-based information security strategy, not a replacement for it. You wouldn’t expect your house insurance provider to pay out if you were burgled when the doors and windows are left unlocked. So don’t expect a payout - or indeed an insurance policy - if you haven’t put in place the right processes and policies.”