Too much trust being put into cyber insurance: report

Too much trust being put into cyber insurance: report | Insurance Business

Too much trust being put into cyber insurance: report
The financial services industry is placing its trust in cyber insurance rather than companies ensuring their own security defences are up to scratch, new research from global security firm WebSense has revealed.

The sector suffered 300% more cyber-attacks in 2014 than any other sector, the report found, as well as discovering certain malware families were observed up to 400% more frequently in financial services than the norm.

However, the investigation also found evidence that companies operating in the area may be putting their faith in the relatively new field of cyber insurance rather than ensuring they are as secure as possible.

Carl Leonard, WebSense’s principal security analyst, said: “Insurance is not going to solve the underlying root problem of being able to understand what threats you are faced with and how best to mitigate those.”

He told IT Pro companies needed to focus on making sure they have the best security posture possible, so they can work dynamically, embrace new technologies and work in a fast-paced environment, rather than simply focusing on cyber insurance.

“I think we’re going to get to the point where it’s up to businesses to show that they have necessary steps to show they have done all they can to mitigate risk,” he said.

The WebSense report was released the same week as the Insurance Council of New Zealand’s (ICNZ) own research on the subject, which revealed New Zealand businesses had a fair way to go before they could be accused of relying too heavily on cyber insurance.

ICNZ found three out of four people (76%) think Kiwi businesses are not well prepared to manage computer hacking and keep data secure and confidential.

The Council also cited a PwC report which showed there was a 48% increase in cyber incidents in 2014 and also referred to a study by Marsh UK which revealed that almost two thirds (61.1%) of respondents said their company had made no loss estimate for the financial impact of a cyber-attack.

Only 16.6% of respondents said cyber was one of the top five risks on their company’s risk register.

ICNZ CEO Tim Grafton said: “We know from Insurance Council data that 29% of businesses in New Zealand don’t have insurance at all and a very high percentage will not have cyber insurance cover.

“Our guess is that the New Zealand equivalent statistics of [the Marsh] report would be even lower and many businesses in New Zealand won’t have a complete understanding of their cyber risk exposure and how they can minimise that.”

ICNZ was attempting to raise awareness of the potential devastation a lack of cyber insurance can have particularly on SMEs as part of the Government’s Connect Smart Week initiative, which ran last week.