UK firms still have lower levels of cybersecurity maturity than their US counterparts, according to newly revealed stats from a leading global underwriting firm.
CFC Underwriting made the claim after analyzing figures which revealed UK organizations made a disproportionately high number of claims in 2016 relative to the number of these firms on its books.
The UK represents just 8% of CFC’s policy count yet 17% of its claims count, a spokeswoman told Infosecurity.
Privacy breaches (31%) accounted for the biggest number of claims, followed by financial loss (22%) and ransomware (16%). Malware accounted for just 7% of claims, just ahead of DDoS attacks (5%), “unauthorised access to systems” (5%), and business interruption (4%).
It’s also noteworthy that the vast majority of claims (90%) are made by firms with annual revenue of less than £50 million, although they apparently hail from a variety of industries.
Claims on policies are said to be up 78% on the previous year – highlighting the fact that breaches continue to occur apace, despite not being publicized.
That’s because the UK currently has no mandatory breach notification laws, unlike the US.
But this will change with the introduction of the European General Data Protection Regulation (GDPR) in 2018, after which time we’ll have a better idea of just how prevalent such security incidents are in the UK.
British organizations will need to get their house in order well before then, yet recent research found that more than half still haven’t advanced readiness plans.
The Payment Card Industry Security Standards Council (PCI SSC) estimated that if incidents stay at the levels revealed by the last PwC Information Security Breaches Survey then UK firms could be facing fines in excess of £120 billion under the new laws.
The GDPR will levy fines of up to 4% of global annual turnover or €20 million (£18m) – whichever is greater. That alone should be enough to drive up cybersecurity maturity levels in the UK.