FICO survey: more than one-third of Canadian firms without cybersecurity insurance
“Canadian firms are ahead of the curve when it comes to cybersecurity risk insurance, but over one-third (36 per cent) have not taken out cybersecurity insurance at all.” Those are key findings in a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO, which reveals that even among those that have insurance, only 18 per cent say they have cybersecurity insurance that covers all likely risks.
Although the survey showed the efforts Canadian organizations still have to take to ensure they are fully protected in the event of a cyber-attack, it also shows that these organizations are “significantly more responsible” than many of their global counterparts when it comes to insurance — especially when compared to the U.S. While only 16 per cent of Canadian organizations say they have no intention of taking out cyber-risk insurance, more than a quarter (27 per cent) of surveyed U.S. executives responded the same way.
“Without cyber-risk insurance, organizations are leaving themselves in a very vulnerable position,” said Kevin Deveau, vice-president and managing director of FICO Canada. “It’s important for businesses to assess the strength of their cybersecurity defences and to make sure they are covered if they are faced with a data breach. The ripple effect of a breach can be felt throughout the organization for a very long time, especially now that Canada’s Digital Privacy Act will require organizations to report any breaches to regulators and customers.”
There is still confusion in Canada and other countries about how cybersecurity insurance premiums are set, the report noted. Eighty per cent of Canadian firms feel that more could be done to help organizational decision makers understand how risk price structure is calculated. More than a quarter of respondents (26 per cent) feel that the introduction of an established industry standard to benchmark cybersecurity risk would be beneficial. Currently, 20 per cent feel that the premiums calculated based on their business do not accurately reflect their risk profile.
Ovum conducted the survey for FICO through telephone CXOs and senior security officers in 350 companies based in Canada, the US, the UK, and the Nordics in March and April 2017. The respondents represented firms in financial services, telecommunications, healthcare, retail, ecommerce and Internet service providers.