Nearly half of U.S. companies lack insurance coverage for cyberattacks

BLOOMFIELD, Conn.—A recent study from NTT Com Security, a global information security and risk management company, found that 49 percent of the U.S. companies surveyed currently do not have insurance specifically for cybersecurity attacks.

NTT Com Security surveyed 1,000 “non-IT business decision makers in organizations in the U.K., U.S., Germany, France, Sweden, Norway and Switzerland,” for the report.

“Faced with risks every day, it's easy for organizations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” Garry Sidaway, SVP security strategy and alliances for NTT Com Security, said in a prepared statement.

“Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but ensure that you can demonstrate that you have put controls in place to reduce your risks, and, what these controls cover. This way you know what is being insured,” he said.

While a majority of global organizations believe information security breach insurance is crucial, less than half—41 percent—are fully covered for both security breaches and data loss, and just over one-third have dedicated cybersecurity insurance, according to the company's 2016 Risk:Value report.

U.S. businesses are the most likely to have this type of insurance, 51 percent, compared to 26 percent in the U.K.

“Security needs to be embedded into the culture of an organization, from top to bottom, championed by the CEO, designed and executed by the CISO and communicated effectively so that every employee takes responsibility for ensuring that good practices are followed,” Sidaway said.