Data breaches and the lack of proper cyber security continue to threaten businesses of all sizes, but the rate in which businesses properly respond to such threats with the appropriate insurance coverages remains underwhelming.
50% of U.S. firms do not have cyber risk insurance. 27% of U.S. executives say their firms have no plans to obtain cyber insurance, even though 61% of them expect cyber breaches to continue to increase in the next year.
Even among those that have insurance, only 16% reported having cybersecurity insurance that covers all risks.
The U.S. falls behind the U.K. and Canada in this regard, where only about 40% have no cyber coverage.
The research behind these statistics come from a survey conducted by the research firm Ovum for the Silicon Valley analytics firm FICO. The researchers conducted telephone interviews with 350 c-suite executives and senior security officers from financial services, telecommunications, healthcare, retail, e-commerce and media service providers to better drill down on just how many businesses are not covered and are at risk. The respondents represented various size companies: 30% had 500 to 1,000 employees; 28% had 1,001 up to 4,999; 17% had 5,000 up to 9,999, and 25% had more than 10,000.
“With so many firms concerned about a rise in the likelihood of cyber breaches in the next year, it’s troubling to see that half of them don’t have any cybersecurity insurance protection,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable.”
According to the Ponemon Institute at the University of Michigan, on average, an individual data breach carries a price tag of approximately $3.5 million. Ponemon surveyed 314 companies in 10 countries as opposed to the RAND study’s private dataset of 12,000 cyber incidents which reported an average out-of-pocket loss of approximately $200,000.
Despite the glaring costs associated with a breach, cyber insurance remains widely underutilized by businesses. Reasons for this vary, but center around misperceptions of potential threats and lack of clarity regarding coverages and price.
The cost and lack of clarity about cyber insurance pricing has proven to be an obstacle. Only 25% of survey respondents believe that premiums provide a genuine reflection of the risk profile of their organization. Only 23% believe that the insurance industry is clear and transparent in its approaches to pricing.
U.S. executives identified several ways the risk assessment process used by insurers could be improved. 29% say that insurers should provide clear guidelines about how premiums are chosen, 28% would like clearer communications as to why premium adjustments happen and 23% would like insurers to introduce an industry standard for benchmarking cyber risk.
Depending on the size and scope of the potential risk, cyber insurance premiums tend to be generally inexpensive while covering a broad range of potential threats. As the product continues to evolve to better protect businesses and respond to such rapidly changing and sophisticated breaches, the need for cyber insurance continues to grow.
Most brokers have never even mentioned these risks to their clients and there is a good chance your current broker is one of them. It’s important to align your business with a firm that not only understands the risks these threats pose, but one that also understands the full range of coverages available and has the experience and industry knowledge to know the costs associated with such coverages. Please contact us if you are interested in learning more about this.
Information about the Author: Jared graduated from West Virginia University earning a degree in Multidisciplinary Studies with minors in English, Sociology, and Communications. Prior to joining IA, Jared began his insurance career as a marketing intern with Philadelphia Insurance Companies in PA. He then joined Brown and Brown Insurance where he was trained and began learning the agency side of the insurance business focusing on the healthcare and construction industries. At IA he is responsible for developing new client relationships and guiding them in their insurance needs.