Only a quarter of cyber security employees say their firm has cyber insurance

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.computing.co.uk/ctg/news/2442923/only-a-quarter-of-cyber-security-employees-say-their-firm-has-cyber-insurance

Only one-quarter (24 per cent) of UK cyber security professionals say that
their firm has cyber insurance, a report by recruiters Harvey Nash has
indicated.

Half of around 200 IT security professionals in the UK surveyed by the
recruitment firm said that their companies didn't have cyber insurance, and
26 per cent said that they didn't know.

Harvey Nash added that the fact that only one-in-four senior information
security professionals were aware that their organisation had secured cyber
insurance was surprising, particularly as in their survey, the security
professionals had all suggested that their companies were well-prepared in
case of a cyber-attack.

When the cyber security professionals who said they didn't have cyber
insurance were asked if they had plans to buy any in the next 12 months -
nearly half (46 per cent) said that they didn't have any plans, while more
than one-quarter said that they did (26 per cent) and 28 per cent said they
didn't know.

Harvey Nash found that only 19 per cent of senior information security
professionals at small organisations (£50m or less in revenue) currently
have cyber insurance; this increases to 29 per cent at mid-sized
organisations (£50m-£500m revenue), and at larger organisations (£500m+
revenues) the proportion falls again, to less than a quarter (24 per cent).

The recruitment firm suggested that the low proportion of companies with
cyber insurance was an indication that perhaps the cyber insurance products
currently on offer were not mature enough to provide the coverage that
respondents were seeking - or that perhaps senior cyber security pros
believe their colleagues in the finance function should be primarily
responsible for insurance coverage.

"Whatever the reason, it is clear that with rising information security
threat levels and growing regulatory burdens that include compensation for
customers affected by cyber breaches the market for insurance needs to
adapt to support these changes," the report reads.

Last year, a government report suggested that only two per cent of large
companies in the UK had explicit cyber security cover, and this drops to
closer than zero. The maturity of the market could be one reason, but there
is scepticism from chief information security officers; the most common
reason for not purchasing a cyber-insurance policy was the belief that
insurers would not actually pay out on a claim, according to a survey by
KPMG.

Recently, US casino company Affinity Gaming said it used $1.2m of a $5m
cyber-insurance policy on a security breach it suffered. It is seeking
$100,000 in damages from Trustwave, which allegedly claimed that it had
already dealt with the breach, only for Affinity Gaming to find out later
that its systems had still been compromised.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.