Most UK firms underinsured for cyber threats

Credit: welcomia via iStock

A growing number of companies in the UK have taken out specialist cyber security insurance in the last year to protect them in the event of an attack, but many of these policies may not actually provide them with the comprehensive coverage they need.

This is the warning of a new study conducted by Ovum and FICO, which found that the number of firms in the UK without any form of cyber insurance coverage dropped to just ten per cent in 2018, compared with almost a third (31 per cent) last year.

However, while this is significantly better than the global average – the overall figure for the 11 countries examined in the study found almost a quarter of companies (24 per cent) have no protection – the majority of British businesses still have gaps in their coverage.

Less than four out of ten UK firms (38 per cent) reported that their cyber security insurance offers full protection from all risks. The majority of firms stated that their premiums have been calculated based on industry averages or other unknown factors, rather than an accurate analysis of their individual risk profile.

This could leave them exposed to significant financial risk if they fall victim to an attack that falls outside the limitations of their policy.

Steve Hadaway, FICO general manager for Europe, the Middle East and Africa, noted that cyber security insurance has become a "must have" for British business in a very short period of time. However, with this comes more pressure on providers to ensure they are fair and transparent in how their premiums are set, and reflects the increased efforts firms are making to secure their networks.

"Businesses will demand that their investments in cybersecurity protection – and the strength of their cybersecurity posture – drive their premiums down," he continued.

Maxine Holt, research director at Ovum, said that with less than 40 per cent of businesses having comprehensive insurance, it's clear there is some way to go before firms have a full understanding of their security posture and how to present it for insurance.

However she added: "We should not detract from the positive news here; 90 per cent of UK organisations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially."