Businesses Upping Cyber Cover Purchases

As we go to press, Zurich Insurance released its fifth annual Advisen Cyber Survey of U.S. risk managers looking at trends in information security and cyber liability. Zurich presented the key findings, analysis and conclusions during a presentation at the Advisen Cyber Risk Insights Conference in New York on October 20th. The results reflect responses from more than 400 respondents representing U.S.-based risk managers, insurance buyers and other risk professionals covering both large and small companies.

The survey shows that demand for the coverage and for higher limits is up to what a spokesman for Zurich calls “double digit growth year over year.” Bryan Salvatore, president of Specialty Products for Zurich North America stated “That is why we are heavily invested in identifying risks and delivering solutions and why we are committed to staying at the forefront of this issue.”

According to the results, the overall upward trend of organizations purchasing cyber liability insurance is accelerating in 2015, up nine percentage points over 2014. Since the first survey in 2011, there has been a 26 percentage point increase in the number of business respondents with cyber liability coverage.

Other key findings include:

  • Two-thirds of respondents have either increased their policy limits or are considering increasing their limits. The vast majority of respondents purchase cyber coverage on a standalone basis.
  • Organizations are increasingly developing data breach response plans, up 10 percentage points since last year.
  • Ninety-three percent of respondents are at least moderately concerned about cyber related business interruption (BI) and contingent business interruption (CBI) exposures – with 23 percent extremely concerned.
  • Risk professionals increasingly view cyber risks as an extremely serious threat.
  • Boards and executive management continue to view cyber risks more seriously.
  • The primary reason why respondents have yet to purchase coverage is that their superiors do not see the need.
  • Privacy violation/data breach of customer records is the biggest concern of respondents.
  • More organizations view information security as an organizational challenge rather than just an issue to be addressed by the Information Technology (IT) department.

Resilience requires an understanding of changing exposures, including those created due to our increasing reliance on technology. The survey touched on some of these emerging risk issues as well. Social media has many positives but also exposes organizations to certain risks like reputational damage, privacy issues, and data breaches. Seventy-six percent of respondents said their companies have a written social media policy.

Due to its cost effectiveness and storage capacity, the cloud has become a popular alternative to storing data in-house. Warehousing proprietary information on someone else’s server, however, makes some organizations uncomfortable. Nonetheless, the benefits continue to outweigh the security concerns. When asked “Does your company use cloud services?” sixty-seven percent responded yes.

Organizations are increasingly concerned with the security of non-companycontrolled mobile devices. Seventy-nine percent have a mobile device security policy. Fifty-six percent of respondent companies now have a “bring your own device” policy, which is a 20 percentage point increase in just three years. A newer challenge is the Internet of Things, defined as everyday objects that have network connectivity. Businesses increasingly look to smart technology to increase efficiency and overall competiveness. When asked if your company has an exposure to the IoT, 43 percent of respondents said yes. This will be an interesting exposure to continue tracking in the years to come.

“With the increase in frequency and severity of data breaches and new exposures continuing to surface, these results enhance our ability to help businesses better understand and protect themselves from cyber related risk,” Salvatore added.

Readers can gain access to the complete survey results The Fifth Annual Survey … Information Security and Cyber Liability Risk Management on the current state of and trends in information security and cyber liability risk management at https://www.zurichna.com/cyber.

The survey reflects the attitudes of 448 respondents representing businesses from all sizes but is slightly weighted towards larger companies, with 52 percent of respondent companies having revenues in excess of $1 billion. In addition, all 13 macro industry segments are represented. Healthcare has the highest representation, accounting for 23 percent of the total respondents; followed by Professional Services at 17 percent; Industrials at 11 percent; Government and Nonprofit at 10 percent; Nonbank Financial at 8 percent; Consumer Discretionary at 6 percent; Education at 5 percent; Consumer Staples, Energy and Materials at 4 percent; Banks and Utilities at 3 percent; and Telecommunications at 2 percent.