UK lack of cyber-insurance exposed

About 98% of large UK firms lack insurance that could help them recover from a serious cyber-attack, says a UK government report.

They lack cover even though 81% suffered a security breach in the last 12 months, it said.

The report aims to convince firms to buy insurance to help them manage escalating cyber-threats

Insurance can show companies how to cope better with attacks and understand the risks they face, it said.

The report revealed that a tiny fraction of large UK firms have taken out insurance that could help pay the cost of recovering from a serious security breach. In smaller firms, insurance was almost unknown, it found.

A separate security survey, released in 2014, suggests that the average cost of the most serious security breach large firms face every year is between £600,000 and £1.15m to clean up and remedy. For small firms, costs are £65,000-£115,000.

"The cyber-threat remains one of the most significant - and growing - risks facing UK business," said Cabinet Office Minister Francis Maude in a statement.

About half of the chief executives interviewed for the report did not even know it was possible to buy cyber-insurance, found the report. Insurance firm Marsh helped write the report which emerged from work the government carried out in late 2014 on risks facing UK business.

Mr Maude added that over the last few years, UK industry had improved its understanding of the dangers it faced from cyber-thieves but more still needed to be done.

That understanding could be helped by insurance, he said, because it could help highlight where firms were weakest and pass on information about the most serious threats.

In a bid to help companies improve their awareness of the risks they face, the report said that insurers were now being encouraged to apply government advice on safe computing when they assess a firm as they draw up an insurance policy or contract.

"Insurers can help guide and incentivise significant improvements in cybersecurity practice across industry by asking the right questions of their customers on how they handle cyber-threats," said Mr Maude.