Only one third of senior executives in UK organizations say that their company insurance currently covers them for a security breach and for the financial impact of data loss, even though 81 percent agree that it is ‘vital’ their organization is insured against information security breaches. This is according to the latest Risk:Value report from NTT Security, which also reveals that fewer than a third (29 percent) of firms have dedicated cyber security insurance in place.
The 2018 report, which examines the attitudes of 1,800 global senior decision makers from non-IT functions toward risks to the business and the value of information security, reveals that UK businesses would have to spend on average £1 million to recover from a breach.
While the UK compares poorly to other markets like the US and Singapore (53 percent of organizations are insured in these markets) when it comes to insuring against both information security breaches and data loss, it still fares better than Benelux (27 percent) and the Nordics (23 percent in Sweden; 28 percent in Norway). The UK also ranks second from last for having dedicated cyber insurance, alongside Germany (29 percent) and just above Benelux (27 percent).
According to the 2018 Risk:Value report, half of respondents in UK organizations believe that the failure to maintain or apply updates to existing IT systems would or could invalidate their company insurance, while 37 percent point to lack of compliance with industry regulations, including the General Data Protection Regulation (GDPR), which came into force in May. While 63 percent of respondents in the UK say they have an incident response plan in place, and another 18 percent are in the process of implementing one, 38 percent agree that lack of an incident response plan could or would also invalidate their company insurance.