Lack of clarity hinders cybersecurity insurance investment


Despite the increase in data breaches and their costs, many enterprise security professionals say their organizations don’t currently have cybersecurity insurance. But that may be changing.

According to a recently released survey (registration required) commissioned by analytics software provider FICO, about 60 percent of respondents have some level of cybersecurity insurance. Add in those who say they will include cybersecurity insurance in their risk management program in the next year, and the number surpasses 80 percent.

Cybersecurity insurance, of course, is designed to help enterprises better manage risks associated with their business-technology systems. The survey included IT directors, senior managers and a mix of CIOs, CISOs, CROs, CTOs and other security managers in North America (U.S. and Canada) and Northern Europe (Nordic markets of Finland, Norway, and Sweden as well as the UK).

Look beyond the headline numbers, and the adoption of cybersecurity insurance does not seem as rosy as it appears at first blush. Only 20 percent of respondents have what FICO defined as “comprehensive” insurance. Broken down by nation, only 16 percent of respondents in the U.S. have it.

Of the 80 percent who don’t have comprehensive cybersecurity insurance, upwards of 20 percent have yet to be persuaded that cybersecurity insurance provides adequate value. I would be interested in seeing how business leaders classify “value” — and why so many think it’s lacking.

FICO concluded that organizations are still hesitant when it comes to insurance because of confusion in the market, citing “cost and lack of clarity about charging structures.” In addition:

  • Only 25 percent of survey respondents believe that premiums give a genuine reflection of the risk profile of their organization.
  • More respondents, close to 30 percent in some countries, and around 40 percent in the UK, said that premium calculations are unclear, or that the assessment is not a true reflection of their organization’s risk profile.

Interestingly, the healthcare industry may be the most underinsured. In that industry, 75 percent of those surveyed reported their organizations don’t have cybersecurity insurance.

Still, one thing is clear: any hesitancy isn’t due to a feeling that threats will somehow wane. According to the survey, 61 percent of respondents expect attacks to rise next year.

