May 26, 2017
More than one-third of Canadian firms do not have cybersecurity insurance: FICO report
While ahead of global averages, Canadian businesses still have a long way to go to fully protect themselves in the event of a data breach
36 per cent of Canadian security executives surveyed say their firm has no cyber security insurance, compared to 50 per cent in the U.S. and 40 per cent globally
80 per cent of respondents say insurers should do more to explain how they price risk coverage
Ovum conducted telephone surveys for FICO of security executives at 350 companies in Canada and other countries
TORONTO -- Canadian firms are ahead of the curve when it comes to cybersecurity risk insurance, but over one-third (36 per cent) have not taken out cybersecurity insurance at all. Those are key findings in a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO, which reveals that even among those that have insurance, only 18 percent say they have cybersecurity insurance that covers all likely risks.
FICO will host a Tweet Chat on the cybersecurity survey with Ovum tomorrow at 11:00 am EDT. Individuals are encouraged to participate using #cybertrends.
Although the survey showed the efforts Canadian organizations still have to take to ensure they are fully protected in the event of a cyber-attack, it also shows that these organizations are significantly more responsible than many of their global counterparts when it comes to insurance — especially when compared to the U.S. While only 16 per cent of Canadian organizations say they have no intention of taking out cyber-risk insurance, more than a quarter (27 per cent) of surveyed U.S. executives responded the same way.
“Without cyber-risk insurance, organizations are leaving themselves in a very vulnerable position,” said Kevin Deveau, vice president and managing director of FICO Canada. “It’s important for businesses to assess the strength of their cybersecurity defences and to make sure they are covered if they are faced with a data breach. The ripple effect of a breach can be felt throughout the organization for a very long time, especially now that Canada’s Digital Privacy Act will require organizations to report any breaches to regulators and customers.”
There is still confusion in Canada and other countries about how cybersecurity insurance premiums are set. 80 percent of Canadian firms feel that more could be done to help organizational decision makers understand how risk price structure is calculated. More than a quarter of respondents (26 per cent) feel that the introduction of an established industry standard to benchmark cybersecurity risk would be beneficial. Currently, 20 per cent feel that the premiums calculated based on their business do not accurately reflect their risk profile.
Ovum conducted the survey for FICO through telephone CXOs and senior security officers in 350 companies based in Canada, the US, the UK, and the Nordics in March and April 2017. The respondents represented firms in financial services, telecommunications, healthcare, retail, ecommerce and internet service providers.
For more information, read our white paper: http://www.fico.com/en/latest-thinking/white-paper/what-the-c-suite-needs-to-know-about-cyber-readiness