Two years have passed, but companies' careless attitude to data protection remains unbelievable and unbearable.
According to the Risk: Value Report 2018
NTT Security, a specialised security company of NTT Group, published the latest Risk: Value report.
The report says one-third of senior company executives in the UK have admitted that their company is insured and that the policy includes coverage for a security breach.
Eighty-one per cent of companies understand how important it is to be insured. Therefore, they know the worth of data protection and are insured to deal with any information security breaches.
Furthermore, the report also showed that 29 per cent of firms, which is less than a third, have dedicated cybersecurity insurance in place.
The report reveals that UK businesses will be spending £1 million to recover from a breach.
The 2018 report was published after examining the attitudes of 18,000 senior global decision-makers and the value of information security.
When it comes to insurance for both data loss and information security breaches, the UK's percentage is far poorer than that of the US and Singapore (53 per cent).
However, it is better than Benelux (27 per cent) and the Nordics (23 per cent in Sweden and 28 per cent in Norway).
On the scale of cyber insurance, the UK stands second last, along with Germany (29 per cent), whereas Benelux stands last (27 per cent).
Only six per cent of UK respondents from the different companies reported that their companies cover information security breaches.
On the other hand, 11 per cent said that they only cover data loss.
In reality, almost half (45 per cent) of the respondents were not aware whether their company's insurance covers either of them.
Kai Grunwitz, Senior VP EMEA
Kai Grunwitz, Senior VP EMEA, NTT Security, said: “With estimated annual losses from cybercrime now topping $400bn (£291bn) according to the Centre for Strategic and International Studies, you would hope more organisations would be beating a path to insurers’ doors.
But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it’s an issue that many senior decision-makers are not on top of.”
The number of insurers offering cyber insurance via Lloyd’s of London has reportedly reached 70.
The current figure is double the number of a few years ago.
Meanwhile, the insurance giant Allianz estimated that global cyber insurance premiums would reach $20bn by 2025, up from around $3-4bn currently.
The Risk: Value report showed that half of UK respondents believe that failing to maintain or update existing IT systems will invalidate their organisation's insurance.
And 37 per cent pointed to their companies' lack of General Data Protection Regulation compliance.
And 63 per cent of UK respondents said they already have a response prepared for any incident.
Moreover, another 18 per cent are in the process of preparing a response plan, and 38 per cent agreed that without an incident response plan their company’s insurance could be invalidated.
Fundamentally, incident response is a foundational requirement of security best practice. Its importance rises even more with the GDPR mandating 72-hour notifications following a breach.
The GDPR and NIS Directive
The GDPR and NIS Directive both require organisations in one way or another to follow best practices in cybersecurity, threatening huge fines of up to £17 million or four per cent of global annual turnover for non-compliance.
Grunwitz adds: “While cyber risk insurance should be put in place to help mitigate the potential fallout of a data security breach, a policy must not be seen as a ‘get out of jail free’ card.
Cyber insurance must be complementary to an effective risk-based information security strategy, not a replacement for it.
You wouldn’t expect your house insurance provider to pay out if you were burgled when the doors and windows are left unlocked. So don’t expect a payout – or indeed an insurance policy – if you haven’t put in place the right processes and policies.”