June 1, 2017 by Canadian Underwriter
More than a third of surveyed Canadian firms do not have cyber security insurance, a concerning situation made worse by an incomplete understanding of how premiums are priced and failure to do everything possible to guard against breaches, FICO notes.
In all, 36% of polled Canadian security executives say their firms have no cyber security insurance, notes a press release Wednesday from U.S.-based analytics firm FICO.
The telephone survey conducted by research and consulting firm Ovum on behalf of FICO involved senior officers and senior security executives at 350 companies based in Canada, the United States, the United Kingdom and the Nordics this past March and April. Respondents represented firms in financial services, telecommunications, healthcare, retail, ecommerce and Internet service providers.
The percentage of Canadian businesses with cyber security insurance is lower than the 50% for surveyed respondents in the U.S. and the 40% for respondents globally.
Related: Canadian companies lag in cybersecurity investments, survey finds
While polled Canadian businesses are ahead of some countries with regard to cyber security risk insurance, they “still have a long way to go” to fully protect themselves in the event of a data breach, FICO cautions in the statement.
Perhaps more positive, though, is the finding that “these organizations are significantly more responsible than many of their global counterparts when it comes to insurance.”
Just 16% of surveyed Canadian organizations report they have no intention of taking out cyber risk insurance, considerably less than the 27% of polled U.S. executives.
Still, there appears to be a perception among polled businesses that insurers can provide more help. Overall, 80% of respondents say insurers could do more to help organizational decision-makers understand how risk price structure is calculated.
Results indicate that “there is still confusion in Canada and other countries about how cyber security insurance premiums are set,” FICO reports.
More than a quarter of respondents, 26%, note that they feel the “introduction of an established industry standard to benchmark cyber security risk would be beneficial.”
Related: Cyber insurance policies expected to become more similar in next few years: CIFF speaker
The observation reflects the finding that 20% of respondents believe “the premiums calculated based on their business do not accurately reflect their risk profile.”
Even among those who do have cyber security insurance, just 18% of respondents say they have insurance that covers all likely risks.
“It’s important for businesses to assess the strength of their cyber security defences and to make sure they are covered if they are faced with a data breach,” Kevin Deveau, vice president and managing director of FICO Canada, says in the statement.
“The ripple effect of a breach can be felt throughout the organization for a very long time, especially now that Canada’s Digital Privacy Act will require organizations to report any breaches to regulators and customers,” Deveau (pictured right) maintains.
What businesses need to be cyber-ready, FICO reports, “is an across-business approach to cyber security that involves business-focused protection systems and the skills and levels of authority needed to support the technology.”
Related: “Slow but steady” trend in take-up rates among U.S. cyber insurance clients: Council of Insurance Agents & Brokers
Have your say: