8 out of 10 businesses don't have cyber-attack insurance

28 February 2020 Consultancy.uk

With the rise of cyber-crime now costing firms in the UK billions, many companies have sought to upgrade their defences against hostile outsiders. However, according to a recent study, more than eight in 10 businesses have neglected to take out insurance policies against the impacts of a potential breach, leaving them increasingly exposed in the current environment.

Having exploded onto the corporate agenda in the last decade, as digital transformation efforts have increasingly left organisations vulnerable to hackers, cybercrime will remain a large-scale concern for years to come. According to an Accenture report in collaboration with the World Economic Forum, between 2019 and 2023, approximately $5.2 trillion in global value will be at risk from cyber-attacks, creating an on-going challenge for corporations and investors alike.

Despite the huge cost of cyber-breaches, however, new research has found that the vast majority of firms do not have specialist insurance to cover them against the cost and impact of a cyber-attack. The study from global insurance broker Gallagher looked at the amount of UK businesses leaving themselves prone to ‘silent’ cyber risks, and found 2.3 million UK business leaders say cyber-attacks are one of their biggest concerns – but 82% do not have specialist cyber-security insurance in place.

8 out of 10 businesses don't have a cyber-attack insurance

This partially seems to be because companies feel other forms of preparation make insurance superfluous. A large 42% of respondents said they had invested in out-of-the-box technology to protect them, and 39% had sought external advice to further bolster their defences. These practical steps businesses can help protect against cyber-attacks, but according to Gallagher, unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place.

Tom Draper, Head of Cyber at Gallagher, said, "Many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place. It is evident from our research that many bosses believe they are covered in the event of a cyber-attack, however traditional or off-the-shelf business insurance policies do not typically provide cover for cyber related issues.”

The most common type of cyber issue to impact UK businesses is phishing attacks, which hit 80% of businesses, while a further 28% said impersonation in emails or online was a problem, and 27% said they had dealt with viruses, spyware or malware, including ransomware attacks.

It is not just large businesses which are the target, either. According to the researchers, mid-size businesses are particularly exposed to business damage, but 46% believe that cyber-attacks are ‘mainly an issue for bigger organisations.’ Similarly, only 19% of small businesses expect to be targeted.

Draper added, “While there is evidence to suggest larger businesses are more commonly targeted, small and mid-size businesses are still very much exposed to cyber security breaches or attacks and may not have sophisticated protection in place like large businesses, and cyber criminals will be aware of this vulnerability. They are also liable to be caught up in cyber-attacks aimed at third party suppliers or those targeted at common systems and software, such as the cloud, on which their business may rely."