The million pound gamble

New research reveals that UK businesses would have to spend on average £1 million to recover from a breach

Only one third of senior executives in UK organisations admit their company insurance currently covers them for a security breach and for the financial impact of data loss, despite the fact that 81% agree that it is 'vital' their organisation is insured against information security breaches.

This is according to the latest 'Risk:Value' report from NTT Security, which also reveals that less than a third (29%) of firms have dedicated cyber security insurance in place.

The 2018 report, which looks at the attitudes of 1,800 global senior decision makers from non-IT functions to risks to the business and the value of information security, reveals that UK businesses would have to spend on average £1 million to recover from a breach.

While the UK compares poorly to other markets like the US and Singapore (53%) when it comes to insuring against both information security breaches and data loss, it still fares better than Benelux (27%) and the Nordics (23% in Sweden; 28% in Norway). The UK also ranks second from last for having dedicated cyber insurance, alongside Germany (29%) and just above Benelux (27%).

Just six per cent of respondents in the UK say their company insurance covers only for information security breaches, while 11% are covered only for data loss. However, the fact that close to half (45%) of those surveyed do not know if their company insurance covers either of these is a concern, given that it is the highest figure for any of the countries in the report and well above the global average of 23%.

Kai Grunwitz, senior VP EMEA, NTT Security, comments: "With estimated annual losses from cyber crime now topping $400bn (£291bn), according to the Center for Strategic and International Studies, you would hope more organisations would be beating a path to insurers' doors. But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it's an issue that many senior decision makers are not on top of."

According to figures, the number of insurers now offering cyber insurance via Lloyd's of London has leapt to more than seventy - nearly double the number a few years ago - while insurance giant Allianz predicts that global cyber insurance premiums will grow to $20bn by 2025, up from around $3-4bn currently.

According to the 2018 Risk:Value report, half of respondents in UK organisations believe that the failure to maintain or apply updates to existing IT systems would or could invalidate their company insurance, while 37% point to a lack of compliance with industry regulations, including the General Data Protection Regulation (GDPR), which came into force in May.