Full coverage of cybersecurity insurance increases from 18 per cent to 40 per cent since last year, according to annual global cyber-risk survey

Highlights:

  • 40 per cent of Canadian firms surveyed have cybersecurity insurance that covers all likely risks – an increase of 22 percent from 2017
  • Canada’s financial services companies are the most prepared to combat cyber-risk. Fifty-six percent of Canada’s financial services companies have full cyber-risk insurance coverage, while 38 percent have some insurance coverage for cyber-risk
  • Ovum conducted telephone surveys for FICO of security executives at 500 companies in Canada and 10 other countries

The number of Canadian firms with full cybersecurity insurance has risen dramatically in the past year — 40 percent have cybersecurity insurance that covers all likely risks. The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of Canadian firms reporting they have no cybersecurity insurance dropped from 36 percent in 2017 to 22 percent in 2018. However, nearly half of Canadian respondents who have cybersecurity insurance said it only covers some risks.

More information: http://www.fico.com/en/latest-thinking/ebook/canada-views-from-the-c-suite-survey-2018

Canada’s financial services companies are the most prepared to handle cyber-risk. Fifty-six percent of respondents in this industry have full cyber-risk insurance coverage, an increase from only 23 percent who indicated they had full coverage a year ago. They also have the in-house capabilities to understand the risk of suffering a breach in the upcoming year, with 63 percent saying they have software that provides a score that tells them what their likelihood of a breach is (compared to 41 percent globally).

While 70 percent of respondents in retail and e-commerce said they have some form of cyber-risk insurance, half (50 percent) of those in the same industry don’t believe their coverage is reflective of the risk profile of their business.

Power and utilities firms are the most exposed to risk without cybersecurity insurance coverage — 60 percent reported they have not taken out cyber-risk insurance, compared to just 6 percent of financial services firms in Canada. A full 40 percent of power and utilities firms surveyed said they don’t intend to take out cybersecurity insurance.

“Canada’s companies are well-aware of the threat of cyber-risk, and the uptake of comprehensive cybersecurity insurance is a testament to that,” said Kevin Deveau, vice president and managing director, FICO Canada. “However, there is still a long way to go, with many companies still out there that either have inadequate cybersecurity insurance or none at all. Not only is it important to obtain cybersecurity insurance, but to also ensure it matches the risk profile of the organization.”

“Although Canadian organizations perform well in terms of the uptake of cyber insurance, the fact that only 40% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance,” said Maxine Holt, research director at Ovum. “It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; almost 80% of Canadian organizations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially.”

Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from Canada, the UK, the US, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.

Last month, FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organizations how business partners and cyber insurance underwriters see their network security, and can help them benchmark their performance. More information is at http://securityscore.fico.com.

Source:  FICO Press Release