Almost a third of UK executives surveyed say their firm has no cybersecurity insurance, compared to 40 per cent in other countries surveys . Only 28 per cent of UK firms surveyed have cybersecurity insurance that covers all risks, 69 per cent of respondents say insurers should do more to explain how they price risk.
UK firms are increasingly protecting themselves with cybersecurity risk insurance, but nearly a third of firms have not taken out insurance yet. A new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO reveals that even among those that have insurance, only 28 per cent said they have cybersecurity insurance that covers all risks.
Even though the majority of firms surveyed have cybersecurity insurance, most say that the risk assessment process insurers use needs improvement. Just 31 per cent of respondents think their premiums reflect an accurate assessment of their risk. Nearly as many, 29 per cent, said they don’t believe the assessment accurately reflects their risk, and 11 per cent said they don’t know how their insurance is priced.
“The UK will soon be subject to General Data Protection Regulation (GDPR), which introduces higher fines in cases of data breach,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “Even if attacks don’t increase in volume, firms could end up paying more, which makes having comprehensive insurance more important. At the same time, companies have a right to expect that they will pay less if their protection is better. The onus is on the cybersecurity insurance industry to make sure insurance rates are fairly set for each individual firm, based on a sound analysis of its risk.”
Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.
GDPR Summit Series will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at www.gdprsummit.london
The GDPR Summit Series has been specifically designed for business generalists rather than data protection or privacy specialists and will provide delegates with a comprehensive picture of the new regulations and a practical understanding of the implications and legal requirements needed for compliance.