Ricky Magalhaes, Managed Security Services Director at Logicalis, said: “Many companies think cyber insurance is an alternative to good cyber security practices, however, if you don’t have correct controls in place, your insurance will not cover you.

“Up to 80% of companies with cyber insurance are not following basic cyber security procedures, which means if they suffer a loss, it will be hard for them to claim because they have been negligent.”

The Logicalis Security Operations Centre detected more than 124 cyber-attacks on Jersey companies during the first three months of 2018 – just a fraction of the real level likely to be happening.

Common attacks included hackers exploiting vulnerabilities in systems caused by organisations failing to install patches, or compromising systems because they were badly configured. Ransomware is a significant concern, and the number of Office 365 Break-ins, where someone reads and edits emails without you knowing, is growing. A small number of companies also suffered a DDoS (Distributed Denial of Service) attack, where their internet bandwidth was hijacked. Logicalis also detected a significant number of cases where hackers have used credentials they’ve bought from the dark web to log in to systems.

Mr Magalhaes said: “If you leave your house open and have a break in, an insurance policy is unlikely to pay out. You need to be able to prove you locked the door, and prove that you had a break in. With cyber insurance, knowing that your data is up on the dark web is not proof that someone stole it. You need be able to identify the security breach, and prove that you took all the necessary steps to prevent it. If you are not diligent an insurer will not pay out.”

According to Morgan Stanley, the cyber insurance market is expected to be worth $10 billion by 2020. However, organisations need to put the correct controls in place if cyber insurance is to have any value for them.