Cyber Survey Reveals Varying Attitudes Depending on Sector

This Arctic Wolf commissioned a survey of over 1,400 senior IT decision-makers and business executives in the US, UK, and Canada. The initial publication of the findings dug deep into their thoughts and attitudes on many issues, including nation-state attacks and hybrid work.

In addition, however, their survey featured several questions on cyber insurance and interesting feedback. Here are some highlights from the survey by Odin Olsen from Arctic Wolf;

The top line stat of the research reveals that 60% of organizations have a comprehensive cyber insurance policy to protect them if they experience financial loss from a cyber attack. While that number is a good starting point, it also indicates that many organizations have yet to embrace cyber insurance, something we at Arctic Wolf consider a key component in a holistic and effective security operations program.

Diving deeper into the data, we can see that the adoption of cyber insurance varies significantly by several factors. From a geographic perspective, Canadian organizations have a slightly lower adoption rate (55%) compared to their peers in the US (63%) and the UK (62%).

There is also a significant disparity in the adoption rates by industry. For example, survey respondents from some highly regulated industries—such as financial services—have adoption rates that are 15% higher than the global average.

Two bars. Financial services with 68% - highest. Hospitality with 35%. Lowest

In contrast, the hospitality industry has the lowest adoption rate of all industries surveyed with just 35% of respondents from this vertical claiming to have a comprehensive cyber insurance policy.

So what could be the cause of such a low adoption rate for cyber insurance among hospitality firms? I’m sure the industry isn’t ignoring the role cyber insurance has in ending cyber risk. Still, I wonder if this industry’s financial hardships due to the pandemic have caused some belt-tightening in budgets, with some organizations deciding to remove (hopefully temporarily) cyber insurance from their risk management plans.

What the General Holdups Are

Getting back to the top-line findings, we asked the 40% of enterprises without cyber insurance why they don’t have an active policy. Almost half of the respondents (46%) believed they do not qualify for cyber insurance. A few industries—such as state and local government, education, and critical infrastructure—have challenges in securing cyber insurance because of the high-risk nature involved in their operations or the users on their network.

Three bar charts. US with 55%. UK 62%. Can 63%

Based on my experience, the reality is that most businesses can secure cyber insurance coverage; it’s just a matter of cost. Are you willing to pay a high premium to offset the risk associated with your security posture?

For a future survey, I hope to dig into this response more because the second most popular reason for not having cyber insurance was cost, with 18% of respondents claiming it was the prohibitive reason for their lack of a policy. I’d also add that the cost of a policy isn’t the all-in cost for insurability in many cases; required technologies like backup, monitoring, and multi-factor authentication have substantial costs for which there was no money set aside.

Interestingly, those who cited cost as the primary reason for lacking cyber insurance are that middle management (manager or director level) was three times more likely to mention the cost for their lack of insurance than C-level executives (CEO/CIO/CISO/etc.). This disparity in response reveals a potential divide between IT teams and the board room on the importance of cyber insurance. We hypothesize that the middle management responsible for the day-to-day execution of a security program feels the money for insurance could be better spent on preventative measures to strengthen their security posture.

In contrast, the C-level leaders responsible for operating an entire organization understand cyber insurance’s essential role in business continuity and risk management.


About alastair walker 12524 Articles
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.