Two-thirds of UK organisations are uninsured against the financial impact of a data breach, a survey has revealed.

The survey found that only 29% of organisations have dedicated cyber insurance in place, even though 81% of senior executives describe insurance against a data breach as “vital”.

According to the report, which examines business attitudes to risk and the value of information security, UK businesses would have to spend £1 million, on average, to recover from a breach.

Kai Grunwitz, senior vice-president for Europe at NTT Security, said: “With estimated annual losses from cyber crime now topping $400bn (£291bn), you would hope more organisations would be beating a path to insurers’ doors. But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it’s an issue that many senior decision makers are not on top of.”

Beyond the financial implications, the reputational damage inflicted by a breach could be disastrous from a PR perspective; this is underpinned by the report’s finding that organisations rank brand image above financial losses.

Of the 1,800 respondents surveyed, 56% were most concerned about lost customer confidence and 52% about the reputational damage inflicted by a breach.

Many organisations still lack security policies

Data breaches are becoming more severe, yet many organisations still assume they will never suffer one. Organisations should instead adopt a ‘when, not if’ mentality if they are to protect themselves.

Nearly half (43%) of survey respondents admitted to not having an information security policy in place, yet effective defences can prevent the majority of attacks and help an organisation prepare for the breaches that do get through.

ISO 27001 is the international standard that specifies the requirements for an information security management system (ISMS).

Organisations that implement an ISMS will be able to secure information in all its forms, increase their resilience to cyber attacks, adapt to evolving security threats and reduce the costs associated with information security.

Implementing an ISO 27001-compliant ISMS is not only information security best practice but also supports demonstrating data protection compliance. Even if you do suffer a breach, certification to ISO 27001 lets you show regulators that you were following information security best practice, which they can take into account when deciding how to respond.

Source: IT Governance