More Than One-Third of Canadian Firms Do Not Have Cybersecurity Insurance

While ahead of global averages, Canadian businesses still have a long way to go to fully protect themselves in the event of a data breach, according to a survey by FICO and Ovum

Highlights

  • 36 percent of Canadian security executives surveyed say their firm has no cyber security insurance, compared to 50 percent in the U.S. and 40 percent globally;
  • 80 percent of respondents say insurers should do more to explain how they price risk coverage;
  • Ovum conducted telephone surveys for FICO of security executives at 350 companies in Canada and other countries;
  • US results and UK figures were comparable.

Toronto, ON (June 2, 2017) – Canadian firms are ahead of the curve when it comes to cybersecurity risk insurance, but over one-third (36 percent) have not taken out cybersecurity insurance at all. Those are key findings in a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO, which reveals that even among those that have insurance, only 18 percent say they have cybersecurity insurance that covers all likely risks.

Although the survey showed the efforts Canadian organizations still have to take to ensure they are fully protected in the event of a cyber-attack, it also shows that these organizations are significantly more responsible than many of their global counterparts when it comes to insurance — especially when compared to the U.S. While only 16 percent of Canadian organizations say they have no intention of taking out cyber-risk insurance, more than a quarter (27 percent) of surveyed U.S. executives responded the same way.

“Without cyber-risk insurance, organizations are leaving themselves in a very vulnerable position,” said Kevin Deveau, vice president and managing director of FICO Canada. “It’s important for businesses to assess the strength of their cybersecurity defences and to make sure they are covered if they are faced with a data breach. The ripple effect of a breach can be felt throughout the organization for a very long time, especially now that Canada’s Digital Privacy Act will require organizations to report any breaches to regulators and customers.”

There is still confusion in Canada and other countries about how cybersecurity insurance premiums are set. 80 percent of Canadian firms feel that more could be done to help organizational decision makers understand how risk price structure is calculated. More than a quarter of respondents (26 percent) feel that the introduction of an established industry standard to benchmark cybersecurity risk would be beneficial. Currently, 20 percent feel that the premiums calculated based on their business do not accurately reflect their risk profile.

White Paper

For more information, read our white paper: “What the C-suite Needs to Know About Cyber-readiness.”

About the Survey

Ovum conducted the survey for FICO through telephone CXOs and senior security officers in 350 companies based in Canada, the US, the UK, and the Nordics in March and April 2017. The respondents represented firms in financial services, telecommunications, healthcare, retail, ecommerce and internet service providers.

About FICO

FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 170 US and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2.6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time.

Learn more at www.fico.com.

FICO is a registered trademark of Fair Isaac Corporation in the U.S. and other countries.

About Ovum

Ovum is a market-leading research and consulting firm focused on helping digital service providers and their vendor partners thrive in the connected digital economy. Through its 150 analysts worldwide, it offers expert analysis and strategic insight across the IT, telecoms, and media industries. Founded in 1985, Ovum has one of the most experienced analyst teams in the industry and is a respected source of guidance for technology business leaders, CIOs, vendors, service providers, and regulators looking for comprehensive, accurate, and insightful market data, research, and consulting. With 23 offices across six continents, Ovum offers a truly global perspective on technology and media markets and provides thousands of clients with insight including workflow tools, forecasts, surveys, market assessments, technology audits, and opinion.

Ovum is part of the Business Intelligence Division of Informa plc, a leading business intelligence, academic publishing, knowledge and events group listed on the London Stock Exchange. For more information, visit ovum.informa.com.



Half of US Firms Don’t Have Cybersecurity Insurance

More than a quarter of US firms say they are not planning to take out cybersecurity insurance

Highlights

  • 50 percent of US executives surveyed say their firm has no cybersecurity insurance, compared to 40 percent in other countries surveyed;
  • 27 percent of US executives say their firms have no plans to take out cybersecurity insurance, despite 61 percent of executives stating they expect the volume of attempted breaches to increase in the next year;
  • Only 16 percent of US firms surveyed have cybersecurity insurance that covers all risks.

San Jose, CA (June 2, 2017) – A full 50 percent of US firms do not have cybersecurity risk insurance, despite the fact that 61 percent of US firms expect the volume of cyber breaches to increase in the next year. These findings come from a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO, which also reveals that even among those that have insurance, only 16 percent said they have cybersecurity insurance that covers all risks. This puts the US well behind the UK and Canada, among other countries.

In the US, the healthcare industry is particularly behind on protecting itself with cybersecurity risk insurance. None of the healthcare firms represented in the survey have insurance that covers all risk, while 74 percent have no cybersecurity insurance at all.

“With so many firms concerned about a rise in the likelihood of cyber breaches in the next year, it’s troubling to see that half of them don’t have any cybersecurity insurance protection,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable.”

US executives identified several ways by which the risk assessment process insurers use could improve. Twenty-nine percent say that insurers should provide clear guidelines about how premiums are chosen, 28 percent would like clearer communications as to why premium adjustments happen and 23 percent would like insurers to introduce an industry standard for benchmarking cybersecurity risk.



Nearly One-Third of UK Firms Don’t Have Cybersecurity Insurance

Most UK firms say insurance industry should improve explanations of cybersecurity insurance pricing

Highlights

  • 31 percent of UK executives surveyed say their firm has no cybersecurity insurance, compared to 40 percent in other countries surveyed;
  • Only 28 percent of UK firms surveyed have cybersecurity insurance that covers all risks;
  • 69 percent of respondents say insurers should do more to explain how they price risk.

San Jose, CA (June 2, 2017) – UK firms are increasingly protecting themselves with cybersecurity risk insurance, but nearly a third of firms have not taken out insurance yet. A new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO reveals that even among those that have insurance, only 28 percent said they have cybersecurity insurance that covers all risks.

Even though the majority of firms surveyed have cybersecurity insurance, most say that the risk assessment process insurers use needs improvement. Just 31 percent of respondents think their premiums reflect an accurate assessment of their risk. Nearly as many, 29 percent, said they don’t believe the assessment accurately reflects their risk, and 11 percent said they don’t know how their insurance is priced.

“The UK will soon be subject to General Data Protection Regulation (GDPR), which introduces higher fines in cases of data breach,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “Even if attacks don’t increase in volume, firms could end up paying more, which makes having comprehensive insurance more important. At the same time, companies have a right to expect that they will pay less if their protection is better. The onus is on the cybersecurity insurance industry to make sure insurance rates are fairly set for each individual firm, based on a sound analysis of its risk.”

SOURCE: FICO