British companies are putting themselves at significant risk due to a lack of proper insurance protection against the effects of cyber-attacks, a government report has found.
The report, published in conjunction with insurance brokers Marsh, found that only two percent of large British firms have protection against cyber-attacks, with almost no small businesses set up in case of emergency.
This follows findings that 81 percent of large UK businesses and 60 percent of small companies suffered a cyber-security breach in the last year, with the cost of such attacks nearly doubling between 2013-2014.
In order to combat this, the report, entitled, “UK Cyber-Security, The Role of Insurance In Managing and Mitigating the Risk” lays out a new set of joint initiatives between the government and the insurance sector aimed at helping firms get to grips with cyber risk.
“The UK’s insurance market is world-renowned and we want it to be the same in relation to cyber risks. The market has extensive knowledge and experience of more established risks to help businesses manage and mitigate relatively new cyber risks,” said Cabinet Office Minister Francis Maude.
“Insurance is not a substitute for good cyber security, but is an important addition to a company’s overall risk management.”
The report, which was based on input from 13 London insurers and a number of large companies, found that, as larger firms increasingly depend on online distribution channels, they put themselves at risk to a wider range of ever more sophisticated attacks.
This includes recommendations that both sides combine their knowledge and data in order to boost awareness, with half of the business leaders interviewed for the report admitting they didn’t even know cyber insurance existed.
“While critical infrastructure in regulated sectors, such as banks and utility firms, are used to this kind of risk, most firms are not and their risk management practices are geared around lower-level, slower-moving risks,” said Marsh UK & Ireland chief executive Mark Weil.
“Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational and reputational responses”.
Among the report’s other recommendations are the promotion of the Government’s Cyber Essential Scheme, which can offer improved risk assessment and cyber security best practices, by insurers, in order to encourage greater adoption.
Marsh is planning to support this by launching a new cyber insurances product for SMEs which will deal with the cost of obtaining Cyber Essentials certification.
What do you know about famous hackers? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
When you consider that the rising number of cyber security attacks in the UK is estimated to have doubled between 2013 and 2014 in the UK, causing the economy billions of pounds, it is evident that business must improve the ways they manage this ever-growing cyber security risk. The need for cyber-insurance strategies is clear; however each business must also take responsibility for providing their own layers of strong online security to ensure enhanced security against external threats. Due diligence will reveal there are efficient and cost-effective ways to ensure a business is not exposed to a breach.
Increasing password security policies, for example, considerably boosts the security of any organisation. Such a step can also help companies ensure strong security policies are being integrated throughout the workforce, especially when accounts are being shared amongst colleagues. More undoubtedly needs to be done to stop the threat of cyber attacks in the UK. The good news is that a little common sense can help UK organisations sure up their defences without splurging on hugely expensive premiums.