The use of cyber security insurance is growing – but one in three companies is still ignoring the benefits.
Cyber security insurance adoption is expected to continue to grow, but only 38% of companies polled in the US and Europe have active cyber insurance policies in place, a study has revealed.
Of those insured organisations, 45% purchased cyber security cover in the past two years, 32% purchased their policy three to four years ago, and only 24% have been covered for more than five years, according to the study by IT industry networking organisation Spiceworks.
Despite the fact that the adoption of cyber security insurance policies to offset the recovery costs associated with security incidents continues to grow, the survey of nearly 600 organisations revealed that many organisations are still not sold on the benefits of cyber insurance and are hesitant to purchase a policy.
However, according to a separate poll in the Spiceworks Community, 11% of organisations without coverage plan to purchase a cyber insurance policy within the next two years.
Cyber security insurance drivers
The study shows that increased priority on security is a top driver of cyber insurance adoption, with 71% of organisations purchasing cyber insurance as a precautionary measure, while 44% cited an increased priority on cyber security as the reason they bought a policy.
The risk of managing large volumes of personal data also drove 39% of organisations to purchase cyber insurance. This is likely to be linked to the growing number of data protection requirements around the world, such as the EU’s General Data Protection Regulation (GDPR). However, less than 15% purchased a policy due to a recent security incident or data breach.
When comparing the prevalence of cyber security insurance policies in North America and Europe, the regulatory environment and impact of new regulations such as GDPR become apparent, the report said.
Only 4% of organisations in North America purchased cyber security insurance because of new data protection regulations, compared with 43% in Europe.
Across both regions, 52% of companies with cyber security insurance have a coverage limit between $1m and $5m, 19% have a coverage limit between $6m and $10m, and 16% are covered for more than $10m. However, the results showed only 7% had ever filed a claim with their cyber insurance provider.
Among the companies that do not carry cyber insurance, the lack of knowledge about cyber insurance was found to be one of the top three reasons why they have not purchased a policy. Some 36% of IT professionals said their organisation was not covered due to a lack of knowledge about cyber insurance, while 41% said it was not a priority at their organisation, and 40% said they didn’t have budget for it.
Additionally, 33% of organisations have not purchased a policy because they are not sold on the benefits, and 20% reported insufficient use cases for cyber insurance, while 12% said they were not confident claims would be paid out.
If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW