creditcontrol.co.uk
​
​
Uptake of cyber insurance slow in UK councils
​​
Only two out of 41 local councils claimed to have a cyber insurance policy in place despite increasing breach risks, according to new findings from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, annual survey and FoI (Freedom of Information) requests.
Despite the escalating risks of ransomware, phishing, and insider threats, many organizations, including government entities, remain unprepared for cyber incidents, with inadequate backup strategies and a lack of cyber insurance coverage. In a series of FoI requests made to local councils and government departments across the UK, only two out of the 41 local councils questioned had a cyber insurance policy in place. Flintshire County Council which adopted its policy in October 2022 and London Councils, whose policy covers the period 2021 to 2024.
Additionally, only two others – Ards and North Down Borough Council and Greater Manchester Combined Authority (GMCA) – mentioned plans to invest in such policies within the next year, whilst the vast majority of local authorities confirmed that they have no cyber insurance in place, and do not plan to invest in cyber insurance in the near future despite the risks. Suffolk County Council, who disclosed 334 breaches in the same request, noted that they manage cyber risks in-house, raising concerns about their ability to cost effectively recover from future incidents.
“Local councils and government departments are responsible for large amounts of sensitive data and should lead by example by adopting stronger cyber insurance policies and more robust data protection measures”, says Jon Fielding, Managing Director EMEA, Apricorn. “Ransomware and phishing attacks are only increasing in frequency and sophistication. Organizations need to ensure that they have a robust multi-layered approach to backups and security measures to recover swiftly from such incidents. Data breaches not only pose a financial threat but can severely disrupt operations. Yet, our research shows that many organizations are still failing to prioritize effective data backup strategies and appropriate insurance coverage.”
Lack of understanding seems to be a root cause. Apricorn’s research finds that while 15% of organizations say they have cyber insurance in place, 7% say they are unsure that it covers them adequately in the event of a cyber breach, despite 28% hoping that they will be covered in the event of a breach. However, of those who have cyber insurance in place, 8% say they have been unsuccessful in claiming financial assistance. On a positive note, 21% of respondents say they have cyber insurance in place but have not had to make a claim.
The survey also found an increasing reliance on backup strategies, with 46% of respondents citing data backups as an essential tool to meet cyber insurance compliance requirements, up from 28% in 2023. This is likely a result of so many failed recoveries. In fact, a worrying 33% of IT security decision makers admitted they failed to completely recover data following a breach due to weak backup processes.
“Cyber insurance is not just a safeguard for financial recovery; it encourages organisations to shore up their defences, ensuring better compliance with regulatory standards and promoting best practices in data security,” continues Fielding. “The findings from both the FoI requests and our annual survey underscore the urgent need for organisations, both public and private, to reassess their priorities, invest in better recovery strategies, and consider the benefits of cyber insurance in mitigating both financial and operational risks.”