Channel News

Most firms admit they are not insured for data security breaches

Less than half (41 percent) of firms are fully insured for both security breaches and data loss, and only a third have dedicated cybersecurity insurance.

This is according to the 2016 Risk:Value report from NTT Com Security, which questioned 1,000 non-IT business decision makers in organisations in the UK, US, Germany, France, Sweden, Norway and Switzerland. In the UK, 200 organisations were questioned as part of the report.

Cyber insurance is a potentially huge market, and annual gross written premiums are estimated to grow from around $2.5 billion in 2015 to reach $7.5 billion by the end of the decade, according to consulting firm PwC.

The NTT report reveals that one in ten (12 percent) have no insurance cover at all for either security breaches or data losses. This is despite most business decision makers admitting that there is an increased cyber security threat, and that the cost of recovering from such an attack “could start from around $1 million” (£1.2 million in the UK).

While cyber liability insurance has become increasingly popular and can include cover for data/privacy breaches, extortion liability and network security liability, only 35 percent of businesses currently see the need to take a policy out, although a further 43 percent are getting one or thinking about it.

Businesses in the US are most likely to have this type of insurance – 51 percent compared to just 26 percent in the UK. Notably, wholesale organisations (43 percent) are more likely to take out dedicated cyber insurance, together with business/professional services (43 percent) and utilities companies (39 percent).

Less than half (46 percent) of those respondents whose organisation has company insurance that covers data loss or a breach, expect it to cover legal costs. Fewer expect it to cover regulatory fines (43 percent), government fines (41 percent) and remediation (41 percent). Covering loss of business and loss of IP (intellectual property) is even less likely, according to the report, at just 25 percent.

When it comes to the validity of insurance cover, half of respondents cite that lack of compliance with necessary security criteria could invalidate their insurance, while 46 percent feel that not complying with business policies could be a problem, and 43 percent point to the lack of an incident response plan.

Faced with risks every day, it’s easy for organisations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” says Garry Sidaway, SVP security strategy and alliances, NTT Com Security.

Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but insurers need to know what they are insuring and that the controls have been put in place to protect assets – this is the only way they can agree on cover.”

@AntonySavvas

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago