Nearly three-quarters of UK companies have no insurance against a hack attack, according to a new survey, which also exposes widespread scepticism about whether policies would pay out.
This is despite the fact that over half – 54% – have seen an increase in cyber threats over the past 12 months, and a raft of high profile cases including Sony, News International, M&S and Mothercare.
The survey of data security chiefs found that just 27% had definitely taken out insurance against e-crime, while the same percentage said they knew their organisations were insured against online-related data loss.
KPMG UK head of information security Malcolm Marshall said: “Businesses should be acutely aware of e-crime risks after various recent high-profile cyber attacks against big organisations. But they aren’t taking out insurance for a number of reasons.”
He said that “not many out there know or understand” what insurance is available and added: “Many are also sceptical about the effectiveness of current policies and whether insurers will actually pay out against e-crime claims.”
These fears are grounded in reality, given the fact that the company which insured Sony – Zurich American Insurance – recently started legal action to avoid paying compensation for the brand’s data breach.
Some 41% of organisations surveyed said their lack of knowledge of potential vulnerabilities was leaving them open to attack. Subsequently, 51 per cent admitted they either do not have or do not know whether their organisation has a strategy for dealing with e-crime risk.
The study, by KPMG and AKJ Associates, surveyed 200 chiefs from global businesses and FTSE 100 companies.
Related stories
Sony legal threat sparks warning
E-tailers warned to tighten security
Cost of hack attack soars 70%
Hacker exposes Sun reader data