The number of UK firms with cybersecurity insurance has risen in the past year, but fewer than half say their cyber insurance covers all risks. The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of UK firms reporting they have no cybersecurity insurance dropped from 31 percent in 2017 to 10 percent in 2018. While this is substantially better than the 24 percent reported across all 11 countries surveyed, only 38 percent of UK respondents said their cybersecurity insurance covers all risks.
Telecommunications firms were the most likely to have no cybersecurity insurance — 17 percent reported this, compared to just 5 percent of financial services firms.
Furthermore, fewer than half of firms, just 40 percent, said their insurer based their premiums on an accurate analysis of their risk profile. Most firms said premiums are based on an inaccurate analysis, on industry averages or on unknown factors.
“Cybersecurity insurance has become a must-have for UK firms in a short period of time,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “But with that growth will come increased pressure on insurers to increase the transparency and fairness around how premiums are set. Businesses will demand that their investments in cybersecurity protection — and the strength of their cybersecurity posture — drive their premiums down.”
“Although UK organisations perform well in terms of the uptake of cyber insurance, the fact that fewer than 40% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance,” said Maxine Holt, research director at Ovum. “It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 90% of UK organisations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially.”