Due to the increasing number of cyber-attacks on businesses, the need for better cybersecurity practices and cyber insurance is evident. However, it appears businesses still do not do enough to protect themselves from cybercrime. A new Risk:Value report reveals some astonishing results from over 1,000 non-IT business decision makers around the world. While executives understand the costs and reputational damages following a cyber-attack or data breach, just 41 percent of companies surveyed are covered for both cyber-attacks and data loss. On the other hand, a quarter of respondents are “certain” they will be hit with an attack or breach while another 40 percent are “pretty sure” they will be hit. Additionally, three quarters of those surveyed “do not believe that all of their business data is completely secure.” One would expect that these frightening numbers would drive up cyber insurance and cybersecurity purchases but clearly, many organizations continue to maintain the “it won’t ever happen to me” mindset.
Garry Sidaway, SVP Security Strategy & Alliances, NTT Com Security also warns organizations that proper cybersecurity practices extend far beyond the purchase of cyber insurance as protecting data on the front end should be the primary focus. “Faced with risks every day, it’s easy for organizations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” says Sidaway. “Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but ensure that you can demonstrate that you have put controls in place to reduce your risks, and, what these controls cover – this way you know what is being insured.” Unfortunately, this point clearly is not getting through as the report also notes that only half the respondents have a full information security policy in place.