The number of UK firms with cybersecurity insurance has risen in the past year — but less than half say their cyber insurance covers all risks. The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of UK firms reporting they have no cybersecurity insurance dropped from 31 percent in 2017 to 10 percent in 2018. While this is substantially better than the 24 percent reported across all 11 countries surveyed, only 38 percent of UK respondents said their cybersecurity insurance covers all risks.
Telecommunications firms were the most likely to have no cybersecurity insurance — 17 percent reported this, compared to just 5 percent of financial services firms.
Furthermore, less than half — just 40 percent — of firms said their insurer based their premiums on an accurate analysis of their risk profile. Most firms said premiums are based on an inaccurate analysis, on industry averages or on unknown factors.
“Cybersecurity insurance has become a must-have for UK firms in a short period of time,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “But with that growth will come increased pressure on insurers to increase the transparency and fairness around how premiums are set. Businesses will demand that their investments in cybersecurity protection — and the strength of their cybersecurity posture — drive their premiums down.”
“Although UK organisations perform well in terms of the uptake of cyber insurance, the fact that fewer than 40% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance,” said Maxine Holt, research director at Ovum. “It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 90% of UK organisations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially.”
Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.
Last month, FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organisations how business partners and cyber insurance underwriters see their network security, and can help them benchmark their performance.