Only a third of 250 security professionals would bother getting cyber insurance, while two-thirds (63 per cent) believe insurers would not actually honour a claim if one was made.
The research by AppRiver found that 32 per cent of UK businesses don’t bother seeking this increasingly vital cover.Jim Tyer, EMEA channel director for AppRiver, who conducted the survey at this year’s Infosecurity Europe conference, said that findings were “alarming” that there was so little faith in the insurance industry.
“An interesting calculation is that the probability of special measures being a requirement is at least one in every four policies. What this means for those respondents we spoke with during the show who were either unsure if their organisation had cover, and even those that did have cover but were unsure if they’d had to do anything different, 28 per cent would find their policies (if they have one) invalid due to this mandate. That’s worryingly high,” he said.
None of the respondents spoken with who had cyber liability insurance had had to make a claim on their policy. Tyer adds, “While this could be viewed as positive, it did raise two thoughts. Firstly, it means there’s no reassurance for the 63 per cent of respondents whose faith in insurance is non-existent, unfortunately.
“However, more importantly, the likelihood that no-one has suffered a breach is unlikely meaning either a percentage of people lied, hadn’t made a claim even though they’d suffered a breach or, in my opinion, the most probable: they are blissfully unaware of their current security posture! Not a particularly comforting thought.”
In an email to IT Security Guru, Beth Diamond, leader of the claims management team for privacy liability at the Beazley Group, admitted that there is more penetration into the market to accomplish and she sees newly insured companies looking at risk regularly, but too often it was after having suffered a breach and been without cover or assistance in responding.
Commenting on the 63 per cent statistic, she said she “smiles each time I am asked this question”.
“I am the global claims team leader for our technology, media and cyber group at Beazley, having joined the company in January 2006. I have been handling cyber claims from my earliest time at Beazley and can tell you from personal knowledge that not only have we paid out and continue to pay out material sums on cyber matters, but I have handled personally the largest cyber claims impacting Beazley insured, paying seven and eight figure sums (sometime policy limits) on cyber matters,” she said.
“I suspect that the media surrounding coverage disputes on cyber claims has created confusion about coverage generally for cyber, but cyber coverage from Beazley is real. That does not mean it is the proverbial ‘blank check’ and it is important that insured companies understand how coverage works. Not only how to maximise the coverage available, but understand that the coverage is there and it is real.”