Many North American firms have no cyber insurance coverage: Survey

Share post:

Many North American organizations still don’t have cyber insurance, warns a new study, and those that don’t have enough coverage. Only 55 per cent of the 450 Canadian and U.S. respondents to a survey paid for by BlackBerry and Boston-based Corvus Insurance said they currently have cyber insurance. Another 28 per cent intend to acquire coverage shortly. However, of those with insurance, over one-third (37 percent) said their organizations aren’t covered for ransomware payments. Forty-three per cent said their firms aren’t covered for auxiliary costs such as court costs and downtime. Even those with coverage may be insured at too low a limit. Over half (56 per cent) of the insured are only covered up to US$600,000. That’s not even enough to cover the median ransomware demand of 2021, survey authors said.

“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage,” said Shishir Singh, executive vice president and CTO for cybersecurity at BlackBerry.

“For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy. The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible. It’s vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”

The survey questioned 450 managers who make business decisions for IT or security solutions at their organizations. Interestingly, 60 per cent of respondents said they would be hesitant to enter a new business agreement with any organization lacking cyber insurance. Cost is a major factor in cyber insurance decisions, the survey suggests. Fifty-seven per cent of respondents said the current cost of premiums is a challenge. followed by lack of transparency from insurance companies about what will be covered (49 per cent). A predominant reason for business underinsurance was a lack of compliance with cybersecurity software requirements of insurers. One-third of respondents said their organization had previously been denied insurance coverage because it didn’t meet specific requirements for having endpoint detection and response (EDR) technology. Other experts have noted insurers also may demand customers have multi-factor authentication for logins, and off-site or cloud data backup.

“Though it might sound counterintuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry,” said Vincent Weafer, chief technology officer at Corvus Insurance. “In our portfolio alone, we’ve seen a 50 percent reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers.”

For more on the survey see this BlackBerry blog. The post Many North American firms have no cyber insurance coverage: Survey first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotecte

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways