Analytics firm FICO has released a latest study on the number of firms in the US that had cybersecurity insurance coverage and has found that while the number of firms with the coverage increased from last year, only 1 out of 3 firms has full coverage.

FICO Survey

Image: FICO Survey finds 1 in 3 US firms lack full cybersecurity insurance. Photo: Courtesy of Ilya Pavlov/Unsplash

FICO’s survey found that the number of businesses which did not have any cybersecurity insurance coverage had dropped from 50%, last year to 24% this year. And only 32% of the firms in the country said their insurance covers all cybersecurity risks.

The survey had been conducted by consultancy firm Ovum on behalf of FICO, across 11 countries including the US, the UK, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa.

Ovum conducted telephonic interviews with 500 senior executives, mostly from the IT function in businesses from. The respondents represented firms in financial services, telecommunications, retail and ecommerce, and power and utilities.

Though an increase in the number of firms taking up cybersecurity insurance had been reported, it still lagged behind, Canada, India and the UK.

Last year, US companies had the lowest levels of cyber insurance coverage compared to all the countries surveyed. But, only about 26% of the firms said their insurer calculated their premium based on an accurate analysis of their risk profile. Most firms stated that their premiums are based on inaccurate analysis, on industry averages or unknown factors.

Ovum research director Maxine Holt stated that although firms in the US now perform well in terms of uptake of cyber insurance, the fact that only 32% have comprehensive insurance shows that there is still some way to go for these firms to have a broad view of their security posture and how to present it for insurance.

It also shows that the firms have a cybersecurity posture that the insurance companies are not prepared to cover comprehensively. At the same time, one should not detract from the positive news that 76% of US organizations have elevated the importance of cybersecurity to a level that needs insuring.

Healthcare firms in the US were mostly likely to have no cybersecurity insurance, as 70% reported this and when compared to financial services firms, only 10% reported that they had no cybersecurity insurance.

FICO cybersecurity solutions vice president Doug Clare said: “It’s is great to see that progress is being made but still surprising, that nearly a quarter of U.S. firms surveyed have no cybersecurity insurance coverage. Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go.

“As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”