Data breach insurance claims hit one a day
Insurer warns SMBs to improve their security maturity
Insurance claims for data breaches are exceeding one a day, according to one insurance company.
CFC Underwriting said it had 400 claims on breach policies it offered, up 78% from 2015, according to a report on the BBC.
Graham Newman, chief innovation officer at the company, said that SMBs were most affected, with firms posting revenues below 50 million making up 90% of claims. Plus, he said British firms were making a disproportionate number of claims.
"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he told the BBC.
Close to a third of claims were for privacy breaches, while 22% were for financial losses, and 16% for ransomware - a rising strain of malware that locks down data and requires payment to unlock it.
Newman said insurance firms such as his own were offering incident response services to help smaller companies deal with such attacks, which can prove expensive - TalkTalk's data slipup from 2015 is estimated to have cost the ISP 60 million, before an fine of 400,000.
CFC may lament paying out on the policies, but it clearly sees insuring against them as a wise business move, offering in November a new kidnap and ransom product that includes cyber extortion coverage.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Research from Aon Risk Solutions earlier this year suggested only 7% of SMBs had such insurance, but PWC partner Paul Delbridge told the BBC that such security policies were becoming more popular, particularly to smaller companies that can't afford a security department.
Perhaps businesses would be better off investing in security than insurance, however.Carl Leonard, WebSense's principal security analyst,toldIT Prolast year: "The focus really needs to be on making sure that you have the best [security posture] possible, so that you can work dynamically, embrace new technologies and work in a fast-paced environment, rather than simply focusing on cyber insurance."