UK organizations are far behind their US counterparts when it comes to implementing cyber insurance policies, with CISOs on both sides of the Atlantic disappointingly left out of key decisions, according to the Corporate Executive Programme.
The not-for-profit security group claimed in the latest of its CEP 2020 series of white papers that 40% of US respondents have some form of cybersecurity insurance, as opposed to just 13% of UK firms.
In the billion pound revenue range, organizations favored ‘self insurance’ (33%) – that is, setting aside their own money to deal with any potential losses or incidents.
However, firms in the million pound revenue range were most likely to seek cover through existing business insurance policies (32%).
Eset security specialist, Mark James, argued that many British firms still don’t perceive the UK as a major target for cyber-attacks, so the associated revenue hit is viewed as minimal.
“We in the UK have not adopted the lawsuit culture that exists in the States, so therefore the general practice seems to be: notify the public if we need to, say sorry, say we are working to stop it happening again, and then move along quickly and quietly,” he told Infosecurity.
However, it’s only a matter of time before the cyber-criminals look to target smaller countries, and UK firms realize that fines and lawsuits will follow if they are found to be negligent when it comes to cybersecurity.
“Companies will then have to consider insurance to protect them and have funds available to cover the impact it has on our daily lives,” he added. “Sadly it seems the only way to make companies listen is to target their profits.”
The CEP report also found that although 57% of responding organizations had a CISO position, only 20% of these took out cyber insurance.
In no single organization was the CISO responsible for cyber insurance purchasing. Instead legal (50%), head of risk (25%), or a board room exec (25%) made the decision.
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/just-13-of-uk-firms-cyber-security/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, IT Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.