A survey found that over three quarters (78%) of UK IT security professionals did not have insurance, or did not know if their organisations were insured against e-crime legal costs. This is despite more than half (54%) seeing an increase in the threat level in the last 12 months.
Just over a quarter (27%) said they had definitely taken out insurance against interruption of business by hackers, while only 27% said they knew their organisations were insured against e-crime-related data loss.
Malcolm Marshall, UK head of information security at KPMG, said, “Businesses should be acutely aware of e-crime risks after various recent high-profile cyber attacks against big organisations. But they aren’t taking out insurance for a number of reasons.” KPMG and AKJ Associates surveyed 200 senior security decision makers from global businesses, including FTSE 100 companies, to compile the e-Crime Report 2011.
Marshall said “not many” organisations knew or understood what insurance was available. “Many were also sceptical about the effectiveness of current policies and whether insurers would actually pay out against e-crime claims,” he said.
The report states that two fifths (41%) of organisations have a lack of knowledge of potential vulnerabilities, leaving them open to attack. As a result, half (51%) admitted they don’t have, or don’t know whether their organisation has a strategy for dealing with e-crime risks.
The majority (69%) of firms agreed that outsourcing and cloud computing increased their exposure to e-threats, the survey showed.
When it comes to the cloud, over half of firms say their top priority this year is “cloud readiness”, rather than a full cloud migration, according to separate research.
IT infrastructure services firm Computacenter questioned over 200 IT decision makers at the recent Cloud Computing World Forum. Overall, 51% of organisations said their overriding priority this year was making their IT infrastructure “cloud-ready”.
The survey found that 28% of organisations are looking to migrate many of their workloads to the cloud this year, but a more cautious 72% were focusing on testing individual cloud functions, such as email, testing/development and hosting.