FICO Survey: Most US Firms Have Cybersecurity Insurance -- But Only 1 in 3 Say It Is Full Coverage
Wednesday, August 22nd, 2018
The number of U.S. firms with cybersecurity insurance has risen in the past year — but less than a third say their cyber insurance covers all risks. The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of U.S. firms reporting they have no cybersecurity insurance dropped from 50 percent in 2017 to 24 percent in 2018. This places the U.S. at the exact average reported across all 11 countries surveyed, but lagging behind Canada, India and the UK. Further, only 32 percent of U.S. firms said their cybersecurity insurance covers all risks.
"It's is great to see that progress is being made but still surprising, that nearly a quarter of U.S. firms surveyed have no cybersecurity insurance coverage," said Doug Clare, vice president for cybersecurity solutions at FICO. "Given the number of large-scale and very public breaches in recent years, it's not surprising that we've seen a big increase in US organizations investing in it over the past 12 months, but there's still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive."
Last year, U.S. companies had the lowest levels of cyber insurance coverage of all the countries surveyed. This year coverage has increased. However, only a quarter — just 26 percent — of firms said their insurer based their premiums on an accurate analysis of their risk profile. Most firms said premiums are based on an inaccurate analysis, on industry averages or on unknown factors.
U.S. Healthcare firms were the most likely to have no cybersecurity insurance — 70 percent reported this, compared to just 10 percent of financial services firms
"Although US organizations now perform well in terms of the uptake of cyber insurance, the fact that only 32% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance," said Maxine Holt, research director at Ovum. "It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 76% of US organizations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially."
Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.