A recent survey from the credit score company FICO has some interesting numbers on the prevalence of cyber insurance in the US.
- 50% of US companies have no cyber insurance.
- 74% of US healthcare companies have no cyber insurance.
- 27% of US companies say they have no future plans to acquire cyber insurance.
Today, you can expect the more traditional types of business insurance, such as E&O insurance, to not cover cyber incidents, such as data breaches. And the recent WannaCry ransomware attack shows how vulnerable companies can be, especially if they do not keep up on security patches. Healthcare companies were particularly hard-hit by the ransomware attack last month, and they invariably possess HIPAA-protected data, so their below average adoption of cyber insurance is surprising. Yet, it is also true that not everyone needs cyber insurance. What is recommended, however, is for companies to at least assess their risk and make a reasoned decision.