(Reuters) - The number of British firms insured against cyber threats has fallen sharply in the past year even though many doubled their security budgets after some high-profile companies suffered attacks, a survey by PwC showed on Wednesday.
The auditing and corporate advisory firm said companies were reluctant to invest in cyber insurance because they viewed products available as inadequate.
PwC interviewed 479 executives at British companies and only 38 percent said their company had a cyber insurance policy, down from 59 percent in a similar survey a year ago.
“The drop in take-up of cyber insurance shows that this is still maturing as a product,” Domenico del Re, insurance director at PwC, said.
“Companies do not see the cover currently on offer as targeted to their individual risks and therefore not value for money.”
The amount of cover insurers offer does not come close to the potential losses seen by companies from a truly damaging cyber attack, PwC said.
Over the past two years, British companies such as broadband operator TalkTalk, Experian, the world’s biggest credit data company, and Sage Group, a financial software provider, have been targeted by hackers.
Cyber attacks cost British firms 34 billion pounds ($44 billion) a year in lost revenue and increased IT spending after the attacks, research by the Centre for Economics and Business Research and computer security group Veracode estimated in a report last year.
PwC also spoke to 14 specialist insurance companies in London to look at how the insurers view cyber risks.
Half of insurers who responded sell cyber policies, or see cyber insurance as an area of growth, while the other half do not actively pursue it, often believing the risk to be “borderline insurable”, PwC said.
Most of the insurers who offer cyber cover, however, still “tread carefully” and tend to limit the amount of cover offered under each policy.
About 95,000 subscribers left TalkTalk following the cyber breach, when the personal details of 157,000 customers were stolen from its database via its website.
The cost of the attack was clear in TalkTalk’s full-year statutory pretax profit which more than halved to 14 million pounds after exceptional items of 83 million pounds.
British companies, which now spend about 6.2 million pounds on average on security, are also more likely than firms around the world to keep their cards close to their chest and not share security knowledge, PwC said.
Reporting by Noor Zainab Hussain in Bengaluru; Additional reporting by Sanjeeban Sarkar; Editing by Susan Fenton
Our Standards: The Thomson Reuters Trust Principles.