Zurich’s 2018 Advisen cyber survey reveals a growing reliance on cyber insurance
NEW YORK, October 25, 2018
Recent regulatory changes / business continuity events are top influences; Response to cyber-related risks differ greatly for middle and large market customers
Zurich Insurance has released the eighth annual Advisen cyber survey revealing the current state of and trends in information security and cyber liability risk management. The findings indicate a growing reliance on cyber insurance. The percentage of companies that purchase cyber insurance, either via stand-alone policies or endorsements, has increased 40 points since the survey began in 2011. The results of this year’s study show a 10 percentage point uptick from 2017, the largest year-over-year increase since its inception.
“Cyber risks continue to change and businesses continue to look for ways to protect themselves from those risks,” said Paul Horgan, head of North America Commercial Insurance for Zurich North America. “These survey results provide a critical snapshot of the attitudes, concerns and actions of risk managers. It is our responsibility to respond to their needs and concerns with innovative services and solutions.”
Survey results show that two factors were primarily influential in driving cyber insurance purchases this past year: regulatory changes such as the European Union’s (EU) General Data Protection Regulation (GDPR) and business continuity risks such as the Dyn distributed denial of servicer (DDoS) attack, WannaCry and NotPetya events. These caused significant losses to businesses around the world, shutting down network systems and in many cases slowing or actually halting business operations.
Middle Market(less than billion) versus Large (more than billion)
The survey results also revealed a divergence between the purchasing preferences and experiences of large versus middle market companies. In the past year, 38 percent of large companies have altered their cyber security insurance program compared with just 18 percent of middle market companies. Company revenue size also impacted response to:
Recent Regulatory Changes:
- Nearly twice as many large companies made changes to their cybersecurity controls as a result of GDPR compared with middle market companies.
- Many middle market companies believe that GDPR does not impact their organization because they do not collect consumer data or have operations in the EU.
- Seven times as many large company respondents as middle market company respondents cited regulatory uncertainly as the primary reason for purchasing cyber insurance.
- While business continuity events were a wake-up call for all businesses, the survey revealed large companies viewed them as a greater concern.
- Middle market companies expressed less concern over business continuity risk than larger companies, even though they have been more frequently impacted by business interruption losses.
- Twice as many middle market companies as large companies said cyber supply chain risk had not affected their vendor management controls.
- Large companies surveyed were 20 percent more likely than middle market counterparts to have altered their cyber security program in the past year due to the evolving nature of the threat landscape.
- Large companies were more likely than middle market companies to mitigate supply chain risk using a variety of tools available to them.
- Seventy-two percent of large companies include cyber insurance requirements in their request for proposals and contracts, compared with 41 percent of middle market companies.
Beyond Data Security and understanding new exposures:
High-profile cyber events like the ransomware and malware events have brought to light the potential for substantial cyber losses that go beyond data breaches. Overall, the study revealed risk professionals remained more concerned about their exposures to data integrity risks than business continuity risks. On average, 33 percent of the respondents rated data integrity risks as “high risk,” compared with 18 percent for business continuity risks. Again, the results vary based on company size. On average, 21 percent of large organizations rated business continuity risks as “high risk,” compared with 15 percent of middle market companies.
“There remains a great need, particularly within the middle market, for education and guidance in developing cyber risk management programs and improving cyber resiliency,” said Michelle Chia, head of Specialty E&O for Zurich North America. “The industry is well-positioned to understand those needs and to help develop strategic cyber risk mitigation and response initiatives for the middle market, and to demonstrate the benefits of cyber insurance policies.”
Zurich is presenting the key findings, analysis and conclusions today during a presentation at the 2018 Advisen Cyber Risk Insights Conference in New York City. The survey represents a sustained commitment by Zurich and Advisen to stay current with these evolving cyber risks and the impact they have on businesses of all sizes.
The survey results reflect 313 respondents representing risk managers, insurance buyers and other risk professionals representing business of all sizes but slightly weighted towards larger companies with 54 percent of respondent companies having revenues (or budgets for nonprofit or government entities) of billion or less. Finance, Banking and Insurance has the highest industry representation at 26 percent of the total. Other industries with significant representation include manufacturing at nine percent; healthcare at eight percent; and educational institutions and technology services both at seven percent.
Interested parties can gain access to the complete survey results Information Security and Cyber Risk Management The eight annual survey on the current state of and trends in information security and cyber liability risk managementat https://www.zurichna.com/en/knowledge/articles/2018/10/eighth-annual-advisen-information-security-and-cyber-risk-management-survey
Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With about 53,000 employees, it provides a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, as well as multinational corporations. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.
In North America, Zurich is a leading provider of insurance products and services, including workers’ compensation, liability, property, specialty and F&I (finance and insurance) for a number of major industries, such as Construction, Auto Dealers, and Technology. It offers life insurance and disability coverage in the United States. Zurich employs approximately 9,000 people in North America. It’s a top-four commercial insurer in the U.S. and has been insuring U.S. businesses for more than 100 years. Further information is available at www.zurichna.com.