98% of companies have no cover to help with the aftermath of destructive cyber-attacks. Just a tiny minority of large UK firms have any protection that could help to pay the cost of recovering from a major attack, while insurance in smaller firms is almost nonexistent.
The average cost of cleaning up after a large-scale cyber-attack is between £600,000 and £1.15m for large firms and between £65,000 and £115,000 for small firms. Without any insurance, companies have to fork out large amounts of money from their own reserves to repair the affected systems and ensure customer data is still secure.
The government report aims to convince firms to buy insurance to protect themselves in the face of growing numbers of increasingly sophisticated attacks. It also says that insurance can show companies the best ways to deal with attacks and can help them understand the risks incurred by not having adequate protection.
Cabinet Office Minister Francis Maude said in a statement: “The cyber-threat remains one of the most significant – and growing – risks facing UK business. Insurers can help guide and incentivise significant improvements in cybersecurity practice across industry by asking the right questions of their customers on how they handle cyber-threats.”
Insurers are now being encouraged to apply advice on safe computing while assessing a firm when a new insurance policy is drawn up. It is thought that insurance for cyber-attacks could help to highlight the weakest areas of a company’s protection.
The statistics are worrying because they show just how vulnerable the vast majority of UK firms are when faced with a severe cyber-attack. With the exploits getting ever more advanced and sophisticated, the government’s intervention to encourage firms to protect themselves more thoroughly is a vital step in securing businesses against the threats on the internet.