SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image

UK councils lack cyber insurance, Apricorn report finds

Thu, 7th Nov 2024

Apricorn has released findings indicating a widespread lack of cyber insurance coverage among UK local councils and government departments.

Based on Freedom of Information requests, the study revealed only two out of 41 local councils had cyber insurance policies in place, specifically Flintshire County Council and London Councils, as of 2024. These councils cited efforts commencing in 2022 and 2021, respectively.

Further highlighting the issue, Ards and North Down Borough Council along with the Greater Manchester Combined Authority noted plans to acquire cyber insurance within the next year. Despite this, it remains that most government bodies lack adequate cyber coverage.

Notably, some councils either avoided responding, confirmed the absence of cyber insurance, or disclosed no intentions to procure such policies soon. In response, Suffolk County Council reported managing 334 breaches internally, casting doubt on its recovery efficacy.

Jon Fielding, Apricorn's Managing Director EMEA, stated, "Local councils and government departments are responsible for large amounts of sensitive data and should lead by example by adopting stronger cyber insurance policies and more robust data protection measures."

Contrastingly, Apricorn's 2024 research found that 78% of surveyed IT security decision makers in the private sector have cyber insurance, though only 28% trust their policies will cover breaches effectively. A combined 15% of respondents either doubt their coverage or failed to secure financial assistance after a claim.

Fielding commented, "Data breaches not only pose a financial threat but can severely disrupt operations. Yet, our research shows that many organisations are still failing to prioritise effective data backup strategies and appropriate insurance coverage."

Ransomware incidents have become a leading risk, now specified by 31% of IT security professionals as crucial for insurance policies, marking an increase from 16% in 2023. Similarly, findings note a rise in phishing risks from 19% in 2023 to 23% in 2024.

The survey identified a growing reliance on backup strategies, as 46% of respondents use data backups for compliance, a rise from 28% in 2023. However, 33% admitted to incomplete data recovery post-breach due to inadequate processes.

Strategies including password hygiene (41%) and employee training (43%) are crucial for compliance with cyber insurance policies, alongside encrypted storage, regular updates, and access controls, according to Fielding's analysis.

Fielding further remarked, "Cyber insurance is not just a safeguard for financial recovery; it encourages organisations to shore up their defences, ensuring better compliance with regulatory standards and promoting best practices in data security."

Fielding concluded, "The findings from both the FoI requests and our annual survey underscore the urgent need for organisations, both public and private, to reassess their priorities, invest in better recovery strategies, and consider the benefits of cyber insurance in mitigating both financial and operational risks."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X