UK IT Professionals Slow to Respond to Cyber-Insurance

According to a recent survey, nearly half of the IT professionals polled thought there was ‘insufficient need’ to invest in cyber-insurance, whilst just over one third did not believe that their company would need to change its IT security policy when taking out cyber-insurance. 

These are the main findings to emerge from a recent survey on cyber-insurance carried out amongst IT professionals in the UK and France by Wallix, a software company providing cyber-security and governance solutions for information systems access.

[easy-tweet tweet=”47% thought that there was ‘insufficient need’ to invest in cyber-insurance” user=”comparethecloud” hashtags=”cybersecurity”]

According to the 2014 Information Security Breaches Survey, 81% of large businesses and 60% of small businesses suffered a breach in the last year with the average cost of breaches to business nearly doubling since last year. As cyber-insurance begins to be seen as a way to effectively cover costs and repair damage associated with a breach, Wallix’s survey reveals IT departments are slow to react to the change.

[easy-tweet tweet=”35% of UK respondents didn’t know which department would lead the purchasing decision for cyber-insurance” via=”no” usehashtags=”no”]

41% of respondents did not believe a change in IT policy would be necessary when taking out cyber insurance and half of the respondents thought it would be difficult to identify whether ex-employees, ex-third party providers or ex-contractors still had access to resources on their network. An audit trail that proves access rights are being managed appropriately, e.g. are revoked when an employee leaves the firm, is considered necessary to validate most cyber-insurance policies.

[easy-tweet tweet=”41% did not believe that their company would need to change its #ITsecurity policy when taking out cyber-insurance” via=”no” usehashtags=”no”]

The breakdown is as follows: half of them thought it would be either ‘difficult’ or ‘very difficult’ to identify whether any ex-third party providers still had access to resources on their network; 40% thought it would be difficult to identify whether any ex-employees still had access and, again, 55% (made up of 45% answering ‘difficult’ and 10% answering ‘very difficult’) would appear to have problems spotting any ex-contractors.

Headquartered in France, Wallix conducted the survey in both the UK and France. Although there was a great deal of uniformity in the responses to most answers there was some divergence between the two countries in two question areas: which internal department led the organisation’s purchase decision (according to the French sample, nearly a third thought the Finance Department led on this whilst in the UK the Finance Department did not feature at all) and in their confidence with their systems’ abilities to make critical updates and in their treatment of third party providers The majority of the French sample were very confident, their British counterparts much less so.

For the British sample, ‘Identity and Access’ emerged as one of the top three cyber security challenges, alongside ‘meeting compliance’ and ‘working with third parties’.

Commenting on the findings, the report’s author, Chris Pace, the company’s Head of Product Marketing at Wallix UK, who commissioned the survey, said, “Cyber-insurance is rapidly coming of age and both the Government and the UK insurance industry have taken big steps to ensure that the UK leads the world in this field. But the IT industry needs to raise its game.

Our survey indicates that there is a degree of complacency within many organisations’ IT departments and this needs to be eradicated if companies are not to be put at risk.  We are frankly alarmed that the IT department does not feel the need to change the security policy when cyber insurance policies clearly indicate that businesses must have complete control and visibility of every user who accesses their infrastructure. And yet according to our survey this clearly isn’t happening. Hopefully our report will act as a wake-up call to those IT departments.”

The survey findings have been incorporated into a report entitled ‘We may not have it covered: Do IT teams understand the impact of investing in cyber-insurance?’ The report is available to download from the Wallix website here. 

The online survey took place during July and August of this year. The sample was drawn from Information Technology professionals.

[quote_box_center]

Based on the survey, the company has recommended five steps that it feels companies will need to follow so as to get the best from their cyber insurance policy. These are:

1. Get involved. It’s vital the IT department is part of any process to invest in cyber insurance.

2. Know your limits. Make sure you have a clear understanding of the technology limitations that could affect your cover.

3. Belt and braces. Your regular and automated security activities (updates, patching, signatures etc) must be working. They could be the difference between an insurance payout or the spiraling costs and damage limitation resulting from a breach.

4. Maximise your visibility. If you do suffer a breach there’s a possibility that your insurance company will want to attribute its source; the more data you have the easier that job will be.

5. Know your access control weaknesses. Many cyber-insurance policy terms make an assumption that businesses have complete control and visibility of every user who accesses your infrastructure. Start by ensuring you have effective management of privileged user access. 

[/quote_box_center]

+ posts

The editorial team behind Compare the Cloud made up a unique group of IT specialists, digital marketers and cloud specialists. We understand the industry from both the IT manager’s perspective and the perspective of the IT service provider.

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

Driving the Future of Connectivity with Data Centres

As an astonishing matter of fact, there are 5.3 billion people...

Willow’s Breakthroughs in Quantum Stability

The Start of a New Era Have you heard the...

Cloud Computing Demands Robust Security Solutions

Modern organisations are increasingly reliant on cloud computing to...

Unlocking the future of manufacturing; AIOps network optimisation

Global manufacturing activity has failed to show signs of...

Why is the hybrid cloud the future of computing?

Have you ever wondered how companies can benefit from...