Thirty one percent of UK executives surveyed say their firm has no cyber security insurance, compared to 40 percent in other countries surveyed  Only 28 percent of UK firms surveyed have cyber security insurance that covers all risks and 69 percent of respondents say insurers should do more to explain how they price risk.

UK firms are increasingly protecting themselves with cyber security risk insurance, but nearly a third of firms have not taken out insurance yet. A new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO reveals that even among those that have insurance, only 28 percent said they have cyber security insurance that covers all risks.

Even though the majority of firms surveyed have cybersecurity insurance, most say that the risk assessment process insurers use needs improvement. Just 31 percent of respondents think their premiums reflect an accurate assessment of their risk. Nearly as many, 29 percent, said they don’t believe the assessment accurately reflects their risk, and 11 percent said they don’t know how their insurance is priced.

“The UK will soon be subject to General Data Protection Regulation (GDPR), which introduces higher fines in cases of data breach,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “Even if attacks don’t increase in volume, firms could end up paying more, which makes having comprehensive insurance more important. At the same time, companies have a right to expect that they will pay less if their protection is better. The onus is on the cybersecurity insurance industry to make sure insurance rates are fairly set for each individual firm, based on a sound analysis of its risk.”

Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.