KPMG report reveals businesses shunning cybercrime insurance, despite rising risks

The 2011 report – which drew on a survey of 200 senior security managers from global businesses – found that 78% of UK IT security professionals said their firms either have no insurance, or that they were not aware that they have insurance in place. This is despite more than half of respondents (54%) seeing an increase in the e-crime threat level in the last 12 months.

Interestingly, just over a quarter (27%) said they had taken out insurance against interruption of business by hackers, whilst a further 27% said they know their organisations are insured against e-crime-related data loss.

Malcolm Marshall, UK Head of Information Security at KPMG, said that businesses should be acutely aware of e-crime risks after various recent high-profile cyber attacks against big organisations. But, despite this, he added they are not taking out this type of insurance for a number of reasons.

“Not many out there know or understand what insurance is available. Many are also sceptical about the effectiveness of current policies and whether insurers will actually pay out against e-crime claims”, he explained.

This lack of awareness of what the report calls the increasingly unpredictable e-crime threat also appears to be hampering organisational response, it notes.

Two fifths (41%) of organisations said their lack of knowledge of potential vulnerabilities is leaving them open to attack. And as a result, half (51%) admitted they do not have, or do not know whether their organisation has, a strategy for dealing with e-crime risk.

Delving into the 31-page report also shows that more than half (58%) of CISOs are experiencing problems prioritising the detection of e-crime incidents, and a similar proportion (54%) are experiencing problems prioritising their investigation.

On this topic, Marshall observes that the threat landscape is changing by the day and it looks like organisations are floundering as they try to protect themselves. They need, he says, to act fast to create strategies that enable them to prevent, detect, respond to and learn from attacks.

Other major risk-raisers identified in the report include employees using the same devices for business and personal use (83%) and the use of consumer technology in the enterprise (92%), such as smart phones and tablets.

Marshall concludes that, whilst innovations like cloud and mobile computing deliver cost savings and efficiencies, security needs to be built in from the start to avoid the risks destroying the benefits.
