According to a recentย survey, nearly half of the IT professionals polled thought there was โinsufficient needโ to invest in cyber-insurance, whilst just over one third did not believe that their company would need to change its IT security policy when taking out cyber-insurance.ย
These are the main findings to emerge from a recentย surveyย on cyber-insuranceย carried out amongst IT professionals in the UK and France by Wallix, a software companyย providing cyber-security and governance solutions for information systems access.
[easy-tweet tweet=”47% thought that there was โinsufficient needโ to invest in cyber-insurance” user=”comparethecloud” hashtags=”cybersecurity”]
According to the 2014 Information Security Breachesย Survey, 81% of large businesses and 60% of small businesses suffered a breach in the last year with the average cost of breaches to business nearly doubling since last year. As cyber-insurance begins to be seen as a way to effectively cover costs and repair damage associated with a breach, Wallixโsย surveyย reveals IT departments are slow to react to the change.
[easy-tweet tweet=”35% of UK respondents didnโt know which department would lead the purchasing decision for cyber-insurance” via=”no” usehashtags=”no”]
41% of respondents did not believe a change in IT policy would be necessary when taking out cyber insurance and half of the respondents thought it would be difficult to identify whether ex-employees, ex-third party providers or ex-contractors still had access to resources on their network. An audit trail that proves access rights are being managed appropriately, e.g. are revoked when an employee leaves the firm, is considered necessary to validate most cyber-insurance policies.
[easy-tweet tweet=”41% did not believe that their company would need to change its #ITsecurity policy when taking out cyber-insurance” via=”no” usehashtags=”no”]
The breakdown is as follows: half of them thought it would be either โdifficultโ or โvery difficultโ to identify whether anyย ex-third party providersย still had access to resources on their network; 40% thought it would be difficult to identify whether anyย ex-employeesย still had access and, again, 55% (made up of 45% answering โdifficultโ and 10% answering โvery difficultโ) would appear to have problems spotting anyย ex-contractors.
Headquartered in France, Wallix conducted theย surveyย in both the UK and France. Although there was a great deal of uniformity in the responses to most answers there was some divergence between the two countries in two question areas: which internal department led the organisationโs purchase decision (according to the French sample, nearly a third thought the Finance Department led on this whilst in the UK the Finance Department did not feature at all) and in their confidence with their systemsโ abilities to make critical updates and in their treatment of third party providers The majority of the French sample were very confident, their British counterparts much less so.
For the British sample, โIdentity and Accessโ emerged as one of the top three cyber security challenges, alongside โmeeting complianceโ and โworking with third partiesโ.
Commenting on the findings, the reportโs author, Chris Pace, the companyโs Head of Product Marketing at Wallix UK, who commissioned theย survey, said, โCyber-insurance is rapidly coming of age and both the Government and the UK insurance industry have taken big steps to ensure that the UK leads the world in this field. But the IT industry needs to raise its game.
Ourย surveyย indicates that there is a degree of complacency within many organisationsโ IT departments and this needs to be eradicated if companies are notย to be put at risk. ย We are frankly alarmed that the IT department does not feel the need to change the security policy when cyber insurance policies clearly indicate that businesses must have complete control and visibility of every user who accesses their infrastructure. And yet according to ourย surveyย this clearly isnโt happening. Hopefully our report will act as a wake-up call to those IT departments.โ
Theย surveyย findings have been incorporated into a report entitled โWe may not have it covered: Do IT teams understand the impact of investing in cyber-insurance?โ The report is available to download from the Wallix websiteย here.ย
The onlineย surveyย took place during July and August of this year. The sample was drawn fromย Information Technology professionals.
[quote_box_center]
Based on theย survey, the company has recommended five steps that it feels companies will need to follow so as to get the best from their cyber insurance policy. These are:
1.ย Get involved.ย Itโs vital the IT department is part of any process to invest in cyber insurance.
2.ย Know your limits.ย Make sure you have a clear understanding of the technology limitations that could affect your cover.
3.ย Belt and braces.ย Your regular and automated security activities (updates, patching, signatures etc) must be working. They could be the difference between an insurance payout or the spiraling costs and damage limitation resulting from a breach.
4.ย Maximise your visibility.ย If you do suffer a breach thereโs a possibility that your insurance company will want to attribute its source; the more data you have the easier that job will be.
5.ย Know your access control weaknesses.ย Many cyber-insurance policy terms make an assumption that businesses have complete control and visibility of every user who accesses your infrastructure. Start by ensuring you have effective management of privileged user access.ย
[/quote_box_center]
The editorial team behind Compare the Cloud made up a unique group of IT specialists, digital marketers and cloud specialists. We understand the industry from both the IT managerโs perspective and the perspective of the IT service provider.