Study: U.S. companies lack coverage against cyber attacks

Almost half of all American companies find themselves without cyber security insurance, according to a recently released study measuring the cyber preparedness of global companies. The study was done by security consultant NTT Com Security.

Forty-nine percent of U.S. based companies admit to being without specific insurance dedicated to protecting their information against a cyber-attack. Despite less than half of all U.S. companies being covered, the survey found American corporations to be among the world’s leaders, as only the number dipped to only 35 percent of companies worldwide that have comprehensive cyber-insurance.

The researchers surveyed 1,000 non-IT professionals in the U.K., U.S., Germany, France, Sweden, Norway and Switzerland and found that 12 percent of global companies had no policy protecting their systems, going without coverage against even an individual security breach or a data loss.

Yet, as the frequency and intensity of attacks continues to increase, companies appear to be getting the message about the importance of protecting their agencies. A majority of respondents admitted that cyber insurance can potentially save them millions in damages, and nearly 43 percent responded that they have either already started to improve their coverage or are in the planning stages of the process to do so.

However, those same respondents appear pessimistic that increased insurance coverage will be enough to cover all potential losses. Only 46 of currently covered companies believe that their policies will cover legal costs, while just over forty percent of respondents believe they are insured against regulatory fines, government fines and remediation. Three-quarters of all respondents believe that they will not be protected against intellectual property or business loss.

More than half of respondents believe that lack of compliance with security criteria or business policies would invalidate their insurance, while lack of an incident response plan is also cited as a potential protection policy issue. Only 52 percent of businesses have a complete information security policy, while less than half of companies have a disaster recovery plan.

[ image courtesy of everydayplus / FreeDigitalPhotos.net ]