New insurance products launched to protect businesses from suffering the losses of cyber-attacks have been met with great scepticism, according to an audit firm.
A survey of senior information security people, whose organizations are members of KPMG’s International Information Integrity Institute (I-4), found that the most common reason for not purchasing a cyber insurance policy was the belief that insurers would not actually pay out on a claim.
Distrust around insurers honoring their contracts is leaving businesses vulnerable to the effects of cybercrime. Seventy-four per cent of those surveyed stated their businesses had no cyber insurance in place. This is despite 79 percent believing that cyber security threats are likely to increase over the next 12 months, with three quarters (74 percent) perceiving organized crime and state sponsored activity to pose the biggest threat. For those whose businesses have purchased cyber insurance, 48 percent think that the policies may not pay out if they need it.
Mark Waghorne, Head of KPMG’s International Information Integrity Institute, says: “It is worrying to see that so many businesses would rather risk having no insurance in place to protect themselves against a threat they believe is very real. It is also disappointing that cyber insurance is viewed as providing little comfort to those who have it, as almost half do not believe they would be compensated properly if push came to shove.”
Waghorne also stated, “Of the information security professionals we spoke to, 30 percent believed the market for cyber insurance does not appear to be sufficiently mature yet. Insurers will need to deliver more comprehensive packages in order to convince the business community that they can and will protect against losses on cybercrime. However, discussions during a later debate at the most recent I-4 Forum showed that the availability of focused cyber related insurance has much improved during the past year with clear evidence that carriers do pay out. This indicates that organizations which have avoided cyber insurance in the past should perhaps revisit their positions.”
