More than 80% of UK businesses still don’t have cyber-related insurance despite widespread recognition of the risks associated with rising threat levels, according to Gallagher.
The insurer polled 1000 UK business leaders in organizations of various sizes, and nearly two-fifths (39%) cited cyber-attacks as one of their biggest concerns. However, 82% claimed not to have specialist insurance.
Gallagher argued that many firms may be buying catch-all policies which may not pay out in the event of a serious security breach, while others either underestimate cyber-threats or have too much confidence in their ability to defend against attacks.
It claimed that nearly half (46%) of respondents from mid-sized firms believe that cyber-attacks are “mainly an issue for bigger organizations.”
Of course, the stats show that, while sophisticated targeted attacks may only strike larger companies, firms of all sizes are regularly the subject of automated cyber-raids. ISP Beaming warned in January that the average UK firm was hit by over half a million attempts to compromise systems last year, a 152% increase on 2018.
Network device admin tools and IoT endpoints like connected security cameras and building control systems were most commonly targeted, followed by file sharing platforms.
Tom Draper, head of cyber at Gallagher, added that smaller firms may also be compromised in an attempt to reach higher value clients and partners.
“Clearly there are practical steps businesses can take to help protect against cyber-attacks, but unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place,” he argued.
“It is evident from our research that many bosses believe they are covered in the event of a cyber-attack, however traditional or off-the-shelf business insurance policies do not typically provide cover for cyber-related issues.”
Big-name organizations including Cadbury-owner Mondelez and law firm DLA Piper are currently involved in litigation with their insurers over failure to pay-out following the NotPetya ransomware worm of 2017, highlighting the importance of nailing down the small print in policy documents.