Around half of senior information security professionals that have invested in cybersecurity insurance are skeptical about whether their provider will actually pay out if needed, according to new research from KPMG.
The consultancy asked IT pros whose employers are members of its International Information Integrity Institute (I-4) and found surprisingly that three quarters (74%) had no insurance in place at all to cover potential losses incurred from a cyber-attack.
That’s despite 79% claiming they think online threat will increase over the next year. Three quarters (74%) said they thought financially motivated cyber-criminals and nation state-backed hackers pose the biggest threat.
But for those who have invested, 48% are worried they won’t receive a payout if needed, while nearly a third (30%) said they didn’t think the cyber insurance market is mature enough yet.
“I think the cyber insurance industry isn’t very mature in terms of the ability to risk assess or to provide services (which is why they typically use experienced providers), but they are very experienced as insurers generally,” KPMG cyber insurance expert Anthony Hess told Infosecurity by email.
“I think that businesses can expect a comparable level of service that they always get in terms of claims and paying against them,”
Hess added that the biggest barrier facing insurers in the IT security space is around “communicating and understanding cyber.”
“They already understand and communicate insurance quite well,” he argued. “This isn’t difficult for them when both sides of the table are speaking the language of risk, but they often need help on the cyber side of things.”
KPMG’s findings are somewhat at odds with news that emerged in April that Lloyd’s of London had seen a 50% year-on-year increase in submissions for cyber insurance with the vast majority (70%) first time purchasers.
The UK government has also been doing its best to take a lead on the issue, producing a report in March on the role of insurance in managing and mitigating risk.
It argued that insurance could be valuable in encouraging firms to take concrete steps to improve their security with the promise of lower premiums.