-optimized.jpg){kind=avatar}
Companies are unaware of the concept of digital risk or ?cyber insurance?, and that?s a worry, says a network integrator and consultancy.
Scalable Networks found that only 11 per cent of UK companies surveyed said that they had taken out some IT insurance despite a recent study by the British Chambers of Commerce warning that viruses and hacking attacks are costing UK companies millions of pounds a year (see news item on this site). The US government meanwhile is encourageing US businesses to take out ?cyber insurance?. Alan McGibbon, Director, Scalable Networks, says: ?Many standard commercial insurance policies do not cover or recognise losses from denial of service attacks, virus infection or intellectual property violations – instead, insurance firms are increasingly offering dedicated ?cyber? policies. However, there is very little awareness about this and such policies can have huge premiums attached if appropriate steps have not been taken to secure a corporation’s data assets. Many of these cyber insurance policies also require an independent audit of existing IT security systems. It is no surprise that many companies would rather take the risk, but this could prove to be a very dangerous gamble.?
Admissions
Some 64 per cent of respondents admitting that they have never carried out a vulnerability test on their network and have little idea of how well protected they are against attack. This is in spite of 60pc of companies claiming to understand the implications of having an insecure network under the Data Protection Act. McGibbon adds: ?This survey reveals that a worrying number of company networks may have completely ineffective and untested security measures. The measure of how secure a networks is at any ‘snapshot’ in time will invariably decline as hacking techniques become more advanced and as new vulnerabilities are identified, so continuous assessment is a must. Penetration tests and vulnerability assessments are designed to reveal any potential weaknesses and identify what should be done to overcome them, but this has to be an ongoing process.?
The survey
Scalable Networks surveyed more than 2,500 UK companies, finding: 55pc of UK businesses have a written security policy; 60pc of UK businesses are aware of the DPA implications of an insecure IT
network; 11pc of UK businesses have some form of cyber insurance; and 36pc of UK businesses have carried out vulnerability testing on their IT network. This survey was conducted as part of Scalable Networks recently launched SecurePlus service, which offers security consultation, policy generation, penetration testing and related protection products and services, including digital risk insurance. Visit www.scalablenetworks.co.uk
