The insurance industry needs to do a better job of explaining how it prices coverage in the emerging cybersecurity area, according to a survey by market research firm Ovum for U.S. analytics firm FICO.
Specifically, there is a lack of clarity about how premiums for cybersecurity insurance are set. The survey — which was conducted over the phone with 350 corporate executives in Canada, the U.S., the UK, and the Nordic countries in March and April — found that 80% of Canadian firms say that “more could be done” to help explain how the risk is priced.
Researchers also found that 26% believe that it would be beneficial to establish an industry standard to benchmark cybersecurity risk and 20% said that the premiums they are currently paying do not accurately reflect their risk profile.
The survey also notes that cyber coverage is somewhat more prevalent in Canada than in the U.S. It found that 50% of firms in the U.S. have no coverage compared with 36% in Canada and 40% globally. Yet, of those that do have insurance, only 18% say that it covers all likely risks.
“Without cyber risk insurance, organizations are leaving themselves in a very vulnerable position,” says Kevin Deveau, vice president and managing director of FICO Canada, in a statement. “It’s important for businesses to assess the strength of their cybersecurity defences and to make sure they are covered if they are faced with a data breach. The ripple effect of a breach can be felt throughout the organization for a very long time, especially now that Canada’s Digital Privacy Act will require organizations to report any breaches to regulators and customers.”