The word from Apricorn, who highlight the cyber risks inherent within the public sector;
Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, has today announced new findings from its annual survey and FoI (Freedom of Information) requests, revealing a concerning disregard for cyber insurance across both public and private sectors. Despite the escalating risks of ransomware, phishing, and insider threats, many organisations, including government entities, remain unprepared for cyber incidents, with inadequate backup strategies and a lack of cyber insurance coverage.
Cyber insurance offers a vital layer of protection in the wake of a breach, yet there is a persistent lack of understanding and investment, particularly in the public sector. In a series of Freedom of Information requests made to local councils and government departments across the UK, only two out of the 41 local councils questioned had a cyber insurance policy in place. Flintshire County Council which adopted its policy in October 2022 and London Councils, whose policy covers the period 2021 to 2024.
Additionally, only two others – Ards and North Down Borough Council and Greater Manchester Combined Authority (GMCA) – mentioned plans to invest in such policies within the next year. This leaves the vast majority of local authorities without sufficient cyber coverage, despite the high stakes.
ZERO COVER, NO PLAN
Shockingly, a significant number of government bodies have either declined to answer, confirmed that they have no cyber insurance, or indicated that they do not intend to invest in cyber insurance in the near future. Despite this, Suffolk County Council, whom disclosed 334 breaches in the same request, noted that they manage cyber risks in-house, raising concerns about their ability to cost effectively recover from future incidents.
“Local councils and government departments are responsible for large amounts of sensitive data and should lead by example by adopting stronger cyber insurance policies and more robust data protection measures”, said Jon Fielding, Managing Director EMEA at Apricorn.
The lack of government uptake contrasts with the private sector’s recognition of the growing need for insurance. According to separate findings from Apricorn’s annual 2024 research, 78% of IT security decision makers surveyed confirmed that they do have cyber insurance in place. Though it would seem that their trust in the insurance cover is not in line with its adoption rates with just 28% noting that they have cyber insurance in place and trust that they will be covered in the event of a breach.
A further 15% highlighted that they either have cyber insurance in place but are unsure that it covers them adequately in the event of a cyber breach (7%) or have cyber insurance in place and have been unsuccessful in claiming financial assistance (8%). Positively, 21% noted that they have cyber insurance in place but have not had to