Do IT Service Providers Practice What They Preach? Hiscox Study Reveals Cybersecurity Insurance Gaps
The old saying "the cobbler's children have no shoes" suggests professionals often neglect their own needs while serving others. But does this apply to IT service providers and their cybersecurity practices? Hiscox dedicated an entire study to this question, interviewing Marc Thamm to uncover whether Germany's IT experts are walking their security talk or leaving themselves dangerously exposed.
The findings reveal a complex picture: while IT service providers demonstrate sophisticated risk awareness—particularly regarding cybersecurity threats and AI implementation risks—significant insurance gaps persist, especially among smaller companies. As demand for AI services surges and cyber attacks increase, understanding these protection disparities becomes crucial for both IT providers and their clients.
The AI Boom: Opportunity and Risk for IT Service Providers
Artificial intelligence represents both a major growth opportunity and a significant risk consideration for IT companies. Hiscox's survey of German IT decision-makers reveals:
- 69% confirm increasing demand for AI and big data projects
- 64% expect significant future growth in AI-related contracts
- This trend spans companies of all sizes, indicating widespread business adoption
"AI has become a significant growth field for IT service providers," notes Marc Thamm. "This shows companies are increasingly sensitized to this technology."
However, perceptions of AI vary dramatically by company size:
| Company Size | View AI as Helpful Tool | View AI as Security Risk |
|---|---|---|
| Small Companies | 25% | 45% |
| Large Companies | Nearly 50% | Lower percentage |
| Overall Average | 42% | 30% |
Interestingly, 26% of respondents see AI as both a potential risk and a helpful tool, reflecting the nuanced understanding common in technical fields. "Like the rest of society, IT professionals don't see AI as purely black or white," Thamm observes. "The industry recognizes that clear regulations and legal frameworks are still needed."
Sophisticated Risk Awareness Meets Insurance Gaps
IT service providers demonstrate remarkably sophisticated risk awareness that has increased compared to previous years:
- Data loss through human error or IT failure worries nearly two-thirds of providers
- Data loss through cyber attacks and IT infrastructure failure concern 62% (up from 59% last year)
- Over half also identify programming errors, project delays/failures, and intellectual property violations as significant threats
"IT service providers have very pronounced risk awareness," Thamm emphasizes. This sophistication varies by company size, with one-third of very large companies rating data loss from cyber attacks as "very critical" compared to just 15% of small companies.
The Insurance Reality: Three Pillars of Protection
To address these diverse risks, IT providers increasingly adopt what Thamm calls a "three-pillar principle" of insurance protection:
- IT Operational Liability Insurance (47% adoption)
- Cyber Insurance (45% adoption)
- IT Professional Liability Insurance (40% adoption)
However, significant disparities emerge when examining company size:
- 60% of companies with 500+ employees carry cyber insurance
- Only 25% of small companies are insured against cyber and data risks
- 15% of smaller companies have none of these essential coverages
"While we observe that small companies are slowly catching up—it was 20% last year—this percentage is still far too high," warns Thamm. The practical necessity of coverage becomes clear when examining actual claims: "Project delays are one of the most frequently reported loss events we see. Without insurance, such risks can threaten a company's very existence."
Closing the Protection Gap: Challenges for Smaller IT Firms
The study reveals both progress and persistent challenges in IT service provider insurance coverage:
Positive Trends:
- The insurance gap is slowly closing due to increased risk awareness
- Growing regulatory requirements create a "push-and-pull effect" driving adoption
- Larger companies demonstrate comprehensive protection strategies
Persistent Challenges:
- Smaller companies often lack complete protection frameworks
- Confusion persists about what different insurance solutions cover
- Cyber attack numbers are rising among small and medium enterprises in particular
"Smaller and medium-sized companies still need further sensitization and education," Thamm stresses. "This is particularly urgent because cyber attack numbers are increasing for these companies."
Key Takeaways for IT Service Providers and Their Clients
For IT companies evaluating their risk management strategies:
- Don't let sophistication in risk awareness create complacency—translate awareness into action
- Implement the three-pillar protection framework—operational liability, cyber insurance, and professional liability
- Address AI-related risks proactively as demand for these services grows
- Smaller companies should prioritize cyber insurance given increasing attack frequency
For businesses hiring IT service providers:
- Verify insurance coverage as part of vendor due diligence
- Understand what protections your providers carry—their gaps become your risks
- Consider requiring minimum insurance standards in service contracts
The Hiscox study ultimately reveals that while IT service providers aren't quite the "cobblers with no shoes," many—particularly smaller firms—are walking with inadequate protection in an increasingly dangerous digital landscape. As AI adoption accelerates and cyber threats evolve, closing these insurance gaps becomes essential for both provider stability and client security.