Statistics like those referred to in this article underline the importance of good insurance against cyber-risks. But obtaining it is not quite as simple as the author of the piece (or the insurance company behind the press release it was based on) would like to suggest.
There is a good reason why half of the CEO's surveyed were unaware of the availability of cyber-insurance. It is not a product that is widely available or well-understood in the manner that other forms of insurance are. Nor is the pricing of cyber-insurance a straightforward matter. As in the case of the indemnity insurance obtained by law firms and other professionals, a provider of cyber-insurance must undertake a client-sensitive assessment of the risks involved. This must encompass both the precautions that a business has taken to limit the chances of a breach, and what the business would stand to lose if a breach nevertheless occurs.
The fact that a thing is complicated, though, does not mean that it should not be done. It may not be possible for companies to purchase cyber-insurance on price comparison websites, but they will need to start getting better at sourcing such protection as the very real threat of cyber-crime becomes an increasingly significant business risk.
A separate security survey, released in 2014, suggests that the average cost of the most serious security breach large firms face every year is between £600,000 and £1.15m to clean up and remedy. For small firms, costs are £65,000-£115,000. "The cyber-threat remains one of the most significant - and growing - risks facing UK business," said Cabinet Office Minister Francis Maude in a statement. About half of the chief executives interviewed for the report did not even know it was possible to buy cyber-insurance, found the report.