49% of US Companies Lack Insurance Coverage for Cyberattacks

April 29, 2016

While the majority of global organizations say that it is ‘vital’ their organization is insured against information security breaches, less than half (41%) are fully covered for both security breaches and data loss and a third have dedicated cybersecurity insurance.

Of the countries polled, 49% of the US companies surveyed currently do not have insurance specifically for cybersecurity attacks. This is according to the 2016 Risk: Value report looking at attitudes to cybersecurity and risk from NTT Com Security.

Research among 1,000 non-IT business decision makers in organizations in the UK, US, Germany, France, Sweden, Norway and Switzerland reveals that one in ten (12%) have no insurance cover at all for either eventuality. This is despite most business decision makers admitting that there is an increased cybersecurity threat, and that the cost of recovering from such an attack could start from around $1 million (£1.2m in the UK).

While cyber liability insurance has become increasingly popular and can include cover for data/privacy breaches, extortion liability and network security liability, only 35% of businesses currently see the need to take a policy out, although a further 43% are getting one or thinking about it. Businesses in the US are most likely to have this type of insurance – 51% compared to just 26% in the UK. Notably, wholesale organizations (43%) are most likely to take out dedicated cyber insurance, together with business/professional services (43%) and utilities companies (39%).

Less than half (46%) of those respondents whose organization has company insurance that covers data loss or a breach, expect it to cover legal costs. Fewer expect it to cover regulatory fines (43%), government fines (41%) and remediation (41%). Covering loss of business and loss of IP (intellectual property) is even less likely, according to the report, at just 25%.

When it comes to the validity of insurance cover, half of respondents cite that lack of compliance with necessary security criteria could invalidate their insurance, while 46% feel that not complying with business policies could be a problem, and 43% point to the lack of an incident response plan.

“Faced with risks every day, it’s easy for organizations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” said Garry Sidaway, SVP Security Strategy & Alliances, NTT Com Security. “Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but ensure that you can demonstrate that you have put controls in place to reduce your risks, and, what these controls cover – this way you know what is being insured. Being able to demonstrate that these controls are being tested and monitored is essential. Insurers need to know what they are insuring and the controls put in place to protect assets – this is the only way they can agree on cover.”

Cyber insurance is a potentially huge market, and annual gross written premiums are estimated to grow from around $2.5 billion in 2015 to reach $7.5 billion by the end of the decade, according to “Insurance 2020 & beyond: Reaping the dividends of cyber resilience”, a report by PwC.

The NTT Risk: Value report also reveals that only around half (52%) of businesses have a full information security policy, while less than half (49%) have a disaster recovery plan in place.

Read more: www.nttcomsecurity.com/us/landingpages/risk-value-2016/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

49% of US Companies Lack Insurance Coverage for Cyberattacks

Related Articles

Related Products

Related Events

Report Abusive Comment