Most IT security chiefs have not taken out e-crime insurance

Almost 80 per cent of UK IT security professionals operate without insurance, or do not know if their organisations are insured against e-crime legal costs, a new survey by KPMG has found.

This alarming statistic comes despite the fact that 54 per cent have seen an increase in threats over the past 12 months.

The survey found that just 27 per cent said they have definitely taken out insurance against interruption of business by hackers, while the same percentage said they knew their organisations were insured against e-crime-related data loss.

"Businesses should be acutely aware of e-crime risks after various recent high-profile cyber attacks against big organisations," said Malcolm Marshall, UK head of information security at KPMG. "But they aren't taking out insurance for a number of reasons."

Marshall added that "not many out there know or understand" what insurance is available. He said: "Many are also sceptical about the effectiveness of current policies and whether insurers will actually pay out against e-crime claims."

The research also found that "insufficient awareness of the increasingly unpredictable e-crime threat" also appeared to be hampering organisational response.

Elsewhere, 41 per cent of organisations surveyed said their lack of knowledge of potential vulnerabilities was leaving them open to attack. Subsequently, 51 per cent admitted they either do not have or do not know whether their organisation has a strategy for dealing with e-crime risk.

KPMG along with AKJ Associates surveyed 200 senior security decision makers from global businesses and FTSE 100 companies.