Security chiefs don’t believe insurers will pay out on cyber claims By Sooraj Shah

01/05/2015 19:03

Chief information security officers (CISOs) don't believe that cyber insurance policies will pay up when they need to make a claim, according to a survey of senior information security professionals.

The survey found that the most common reason for not purchasing a cyber-insurance policy was the belief that insurers would not actually pay out on a claim.

Seventy-four per cent of those surveyed said that their organisation had no cyber insurance in place, but even for those whose businesses have purchased cyber insurance, 48 per cent thought that the policies might not pay out if they needed it.

Thirty per cent of the security professionals, whose organisations are members of KPMG's international information integrity institute, believe that the market for cyber insurance does not appear to be sufficiently mature yet.

But while the report suggested that more than one-quarter of respondents' organisations had cyber insurance in place, a government report released in March suggested that only two per cent of large UK companies had explicit cyber security cover, and this figure drops close to zero for smaller organisations.

Computing evaluated the pros and cons of cyber insurance last year, when Jamie Boloux, head of cyber products and liability at insurer AIG, explained that demand for the product was already high in the US, and was starting to grow in Europe.

Stephen Bonner, a partner at professional services firm KPMG, likened companies buying cyber insurance to individuals purchasing travel insurance. "It's like the type of travellers that go on holiday with an expensive camera and valuables and ensure that they are insured, while those who need it more when they go on a skiing holiday are probably the ones who would get the most benefit from getting insurance but don't," he said.

According to the KPMG survey, much of the scepticism surrounds policies' terms and conditions. Richard Cumbley, a partner at Linklaters, suggested that some clients have found exclusions in these policies which make them virtually useless. 

"In the EU, the premiums may be outweighing the losses recovered," he said.

Source:http://www.computing.co.uk/ctg/news/2406588/security-chiefs-don-t-believe-insurers-will-pay-out-on-cyber-claims