Two-thirds of UK organizations do not have cyber insurance

Nearly two-thirds of British organizations are not insured for cyber incidents, according to Risk: Value report from NTT Security. Even with massive uproar around cybersecurity and the Global Data Protection and Regulation coming to effect earlier this year, a vast majority of UK companies do not have a cyber insurance to cover major cyber attacks and breaches.

The report which surveyed 1,800 global senior decision makers from non-IT functions pointed out that UK organizations have spent more than $1 million to recover from cyber attacks. “With estimated annual losses from cyber crime now topping $400bn (£291bn) according to the Center for Strategic and International Studies, you would hope more organisations would be beating a path to insurers’ doors. But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it’s an issue that many senior decision makers are not on top of, ” said Kai Grunwitz, Senior VP EMEA, NTT Security.

According to the study, less than a third (29 percent) of firms have dedicated cybersecurity insurance in place. Even here six percent said their insurance covers only for information security breaches, while 11 percent covered data loss alone. This was despite the fact that 81 per cent of the respondents felt that it is important for their organizations to be cyber insured.

He added, “While cyber risk insurance should be put in place to help mitigate the potential fallout of a data security breach, a policy must not be seen as a ‘get out of jail free’ card. Cyber insurance must be complementary to an effective risk-based information security strategy, not a replacement for it. You wouldn’t expect your house insurance provider to pay out if you were burgled when the doors and windows are left unlocked. So don’t expect a payout – or indeed an insurance policy – if you haven’t put in place the right processes and policies.”