Cybersecurity Insurance — But Not Full Coverage
Blog: Enterprise Decision Management Blog
The number of UK firms with cybersecurity insurance has risen in the past year — but less than half say their cyber insurance covers all risks.
The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of UK firms reporting they have no cybersecurity insurance dropped from 31 percent in 2017 to 10 percent in 2018. While this is substantially better than the 24 percent reported across all 11 countries surveyed, only 38 percent of UK respondents said their cybersecurity insurance covers all risks.
Cybersecurity Insurance – Telcos still lack coverage
Telecommunications firms were the most likely to have no cybersecurity insurance — 17 percent reported this, compared to just 5 percent of financial services firms. (This shows that not much has changed in the industry since last year as per the findings in our e-book “Cybersecurity for Telecoms –Views from the C Suite.” )
Furthermore, less than half — just 40 percent — of firms said their insurer based their premiums on an accurate analysis of their risk profile. Most firms said premiums are based on an inaccurate analysis, on industry averages or on unknown factors.
“Cybersecurity insurance has become a must-have for UK firms in a short period of time,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “But with that growth will come increased pressure on insurers to increase the transparency and fairness around how premiums are set. Businesses will demand that their investments in cybersecurity protection — and the strength of their cybersecurity posture — drive their premiums down.”
“Although UK organizations perform well in terms of the uptake of cyber insurance, the fact that fewer than 40% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance,” said Maxine Holt, research director at Ovum. “It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 90% of UK organizations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially.”
Cybersecurity Insurance – UK Full results
Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.
Last month, FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organizations how business partners and cyber insurance underwriters see their network security, and can help them benchmark their performance. More information is at http://securityscore.fico.com.