24 percent of U.S. executives surveyed say their firm has no cybersecurity insurance.
Only 32 percent of U.S. firms said their cybersecurity insurance covers all risks.
Only 26 percent of U.S. firms said their insurer based their premiums on an accurate analysis of their risk profile.
Healthcare firms lag other industries, with 70 percent reporting they have no coverage.
Ovum conducted telephone surveys for FICO of security executives at 500 companies in the UK and 10 other countries.
The number of U.S. firms with cybersecurity insurance has risen in the past year — but less than a third say their cyber insurance covers all risks. The second annual cybersecurity survey from research and consultancy firm Ovum, for Silicon Valley analytics firm FICO, found that the number of U.S. firms reporting they have no cybersecurity insurance dropped from 50 percent in 2017 to 24 percent in 2018. This places the U.S. at the exact average reported across all 11 countries surveyed, but lagging behind Canada, India and the UK. Further, only 32 percent of U.S. firms said their cybersecurity insurance covers all risks.
"It's is great to see that progress is being made but still surprising, that nearly a quarter of U.S. firms surveyed have no cybersecurity insurance coverage," said Doug Clare, vice president for cybersecurity solutions at FICO. "Given the number of large-scale and very public breaches in recent years, it's not surprising that we've seen a big increase in US organizations investing in it over the past 12 months, but there's still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive."
Last year, U.S. companies had the lowest levels of cyber insurance coverage of all the countries surveyed. This year coverage has increased. However, only a quarter — just 26 percent — of firms said their insurer based their premiums on an accurate analysis of their risk profile. Most firms said premiums are based on an inaccurate analysis, on industry averages or on unknown factors.
U.S. Healthcare firms were the most likely to have no cybersecurity insurance — 70 percent reported this, compared to just 10 percent of financial services firms
"Although US organizations now perform well in terms of the uptake of cyber insurance, the fact that only 32% have comprehensive insurance demonstrates there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance," said Maxine Holt, research director at Ovum. "It could also show that these companies have a current security posture that insurers are not prepared to cover comprehensively. We should not detract from the positive news here; 76% of US organizations have elevated the importance of cybersecurity to a level that requires insuring, even if only partially."
Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.
Last month, FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organizations how business partners and cyber insurance underwriters see their network security, and can help them benchmark their performance. More information is at http://securityscore.fico.com.
About FICO FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 185 US and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2.6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time. Learn more at http://www.fico.com
FICO is a registered trademark of Fair Isaac Corporation in the U.S. and other countries.
About Ovum Ovum is a market-leading research and consulting firm focused on helping digital service providers and their vendor partners thrive in the connected digital economy. Through its 150 analysts worldwide, it offers expert analysis and strategic insight across the IT, telecoms, and media industries. Founded in 1985, Ovum has one of the most experienced analyst teams in the industry and is a respected source of guidance for technology business leaders, CIOs, vendors, service providers, and regulators looking for comprehensive, accurate, and insightful market data, research, and consulting. With 23 offices across six continents, Ovum offers a truly global perspective on technology and media markets and provides thousands of clients with insight including workflow tools, forecasts, surveys, market assessments, technology audits, and opinion.
Ovum is part of the Business Intelligence Division of Informa plc, a leading business intelligence, academic publishing, knowledge and events group listed on the London Stock Exchange. https://ovum.informa.com/