Statistics like those referred to in this article underline the importance of good insurance against cyber-risks. But obtaining it is not quite as simple as the author of the piece (or the insurance company behind the press release it was based on) would like to suggest.

There is a good reason why half of the CEO's surveyed were unaware of the availability of cyber-insurance. It is not a product that is widely available or well-understood in the manner that other forms of insurance are. Nor is the pricing of cyber-insurance a straightforward matter. As in the case of the indemnity insurance obtained by law firms and other professionals, a provider of cyber-insurance must undertake a client-sensitive assessment of the risks involved. This must encompass both the precautions that a business has taken to limit the chances of a breach, and what the business would stand to lose if a breach nevertheless occurs.

The fact that a thing is complicated, though, does not mean that it should not be done. It may not be possible for companies to purchase cyber-insurance on price comparison websites, but they will need to start getting better at sourcing such protection as the very real threat of cyber-crime becomes an increasingly significant business risk.