FICO Survey: Half of US Firms Don’t Have Cybersecurity Insurance

More than a quarter of US firms in survey by FICO and Ovum say they are not planning to take out cybersecurity insurance

Highlights:

50 percent of US executives surveyed say their firm has no cybersecurity insurance, compared to 40 percent in other countries surveyed
27 percent of US executives say their firms have no plans to take out cybersecurity insurance, despite 61 percent of executives stating they expect the volume of attempted breaches to increase in the next year
Only 16 percent of US firms surveyed have cybersecurity insurance that covers all risks
Ovum conducted telephone surveys for FICO of security executives at 350 companies in the US and other countries

A full 50 percent of US firms do not have cybersecurity risk insurance, despite the fact that 61 percent of US firms expect the volume of cyber breaches to increase in the next year. These findings come from a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO, which also reveals that even among those that have insurance, only 16 percent said they have cybersecurity insurance that covers all risks. This puts the US well behind the UK and Canada, among other countries.

FICO will host a Tweet Chat on the cybersecurity survey with Ovum tomorrow at 11:00 AM EDT. Individuals are encouraged to participate using #cybertrends.

In the US, the healthcare industry is particularly behind on protecting itself with cybersecurity risk insurance. None of the healthcare firms represented in the survey have insurance that covers all risk, while 74 percent have no cybersecurity insurance at all.

“With so many firms concerned about a rise in the likelihood of cyber breaches in the next year, it’s troubling to see that half of them don’t have any cybersecurity insurance protection,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable.”

US executives identified several ways by which the risk assessment process insurers use could improve. Twenty-nine percent say that insurers should provide clear guidelines about how premiums are chosen, 28 percent would like clearer communications as to why premium adjustments happen and 23 percent would like insurers to introduce an industry standard for benchmarking cybersecurity risk.

Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.

For more information, read the FICO white paper: http://www.fico.com/en/latest-thinking/white-paper/what-the-c-suite-needs-to-know-about-cyber-readiness