Home | Print Page | Contact Us | Sign In | Register
Weekly Industry News
Blog Home All Blogs
Search all posts for:   

 

View all (1514) posts »
 

Who has Cyber Insurance? Not that Many

Posted By Administration, Tuesday, June 6, 2017

 

A new survey by the research firm Ovum says 50% of U.S. businesses don’t have cyber risk insurance. Just 16% of the 100% have full coverage. The survey was done for the analytics company FICO and it also found 27% of that 50% say their companies have no plans to purchase said insurance.

Ironically — and dangerously — 61% say they expect cyber attacks increase in the next year.

The survey found U.S. companies lag in cyber coverage when compared to Canada and the United Kingdom. The report says 40% of firms report no cyber coverage in those countries.

And why? Mistrust of insurance pricing is what most say.

The survey is wide-ranging. It connected with 350 c-suite executives and senior security officers. They come from sectors like:

  Financial services

  Telecommunications

  Healthcare

  Retail

  E-commerce

  Media service providers

Company sizes:

  30% have 500 to 1,000 employees

  28% have 1,001 to 4,999 employees

  17% have 5,000 to 9,999

  25% have more than 10,000

Bob Shiflet of FICO said the Ovum survey finds U.S. healthcare to be father behind than most when it comes to cyber insuring. None of those surveyed in healthcare have insurance that covers all risks and 74% had no insurance at all. Shiflet said this is troubling but some of that must be laid at the feet of the insurance industry.

“There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable,” Shiflet said.

Cost and lack of clarity from the industry is problematic:

  Just 25% of those responding think premiums reflect their risk profile

  Only 23% think the insurance industry is clear and transparent in its approach to pricing

  29% of the executives think insurers need clear guidelines about how premiums are chosen

  28% want clearer communications on why premiums are adjusted when that happens

  23% want insurers to introduce a standard for benchmarking cyber risk

Hiscox did a similar survey that said 55% of U.S. firms have taken out cyber insurance but these businesses are — as with the Ovum survey — confused about what cyber coverage actually entails and what is protected.

For those who don’t have cyber insurance:

  26% do not plan to purchase

  41% said cyber insurance policies are not relevant to their business

  17% say they have no plans to take out insurance — ever — and agreed with this statement: Cyber insurance policies are so complicated — I don’t understand what cyber insurance would cover me for.

Deloitte also did a survey that found buyers just don’t understand cyber risks or options for insurance. And all — the report found — want standardized policies. “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” the report said.

Deloitte also outlined steps similar to those of Ovum for insurers to take:

  Standardize policy language

  Develop a risk-informed model rather than a definitive predictive model for cyber risks

  employ more targeted underwriting by industry or exposure

  Offer more holistic cyber risk management programs

RAND Corporation did a different report and hit the real nail on the head. Companies — it found — just don’t see cyber insurance as a good investment. The typical cost of a breach according to RAND is $200,000 which means an event will cost a company about 0.4% of annual revenues.

Sasha Romanosky of RAND put it in perspective. “Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think. It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can’t begrudge them for working that way,” Romanosky said.

Ponemon seriously disagrees with RAND’s conclusions. It’s report from May of 2014 found the average data breach costs something like $3.5 million for super-sized companies.

 

Source link: Insurance Journal

Tags:  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance News  Weekly Industry News  Who has Cyber Insurance? Not that Many 

Share |
Permalink | Comments (0)
 

A special thank you to our KKlub Members for their support.