A full 50 percent of US firms do not have cybersecurity insurance, despite the fact that 61 percent of US firms expect the volume of cyber breaches to increase in the next year.
These findings come from a new survey conducted by Ovum, which also reveals that even among those that have insurance, only 16 percent said they have cybersecurity insurance that covers all risks. This puts the US well behind the UK and Canada, among other countries.
In the US, the healthcare industry is particularly behind on protecting itself with cybersecurity risk insurance. None of the healthcare firms represented in the survey have insurance that covers all risks, while 74 percent have no cybersecurity insurance at all.
“With so many firms concerned about a rise in the likelihood of cyber breaches in the next year, it’s troubling to see that half of them don’t have any cybersecurity insurance protection,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable.”
US executives identified several ways in which insurers' risk assessment process could improve. Twenty-nine percent say that insurers should provide clear guidelines about how premiums are chosen, 28 percent would like clearer communication about why premium adjustments happen, and 23 percent would like insurers to introduce an industry standard for benchmarking cybersecurity risk.
Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.