1. Home
  2. Knowledge Hub
  3. 2018 Advisen survey highlights increasing cyber risk threats

2018 Advisen survey highlights increasing cyber risk threats

November 13, 2018

Zurich-sponsored Information Security and Cyber Risk Management survey reports significant growth in use of insurance to defend against cyber risks.

Senior Vice President, Head of Specialty Products E&O

Michelle Chia is the Head of Specialty Products Errors and Omissions (E&O) for Zurich North America,... About this expert


Cyber risks facing businesses around the globe are becoming more worrisome and costly with each successive event. Large corporations and middle market companies alike are more aware that a major breach of user information or a ransomware attack can mean serious consequences. As a result, more organizations are turning to insurance solutions to deal with this evolving risk.

Growing interest in insurance as a critical line of defense against cyber risk was one of the key findings of Advisen’s 2018 Information Security and Cyber Risk Management survey, which was reported at the group’s Cyber Risk Insights Conference in New York City on Oct. 25. Sponsored by Zurich since 2011, the survey queries chief risk managers and members of risk management departments to gain a deeper understanding of their thinking about the management of current and future cyber risks.

The 2018 survey noted that 75 percent of respondents have purchased cyber insurance coverages, either in stand-alone policies or through endorsements. During the eight years Zurich has sponsored the survey, the percentage of companies seeking insurance solutions has increased 40 percentage points, with a 10 percentage point uptick in the purchase of cyber insurance during 2017 alone – the largest year-over-year increase since the survey began.

However, there remains an imbalance between large corporations and middle market companies in terms of insurance utilization. Although middle market companies generally lack the resources and knowledge larger organizations may have to “block and tackle” cyberattacks, they also appear to be less likely to purchase insurance. Middle market risk management professionals need to work to impress upon C-suites and boards the importance of developing a mindset of cyber resilience, including available insurance solutions.

Another notable development was the advent of the European Union’s General Data Protection Regulation (GDPR). The regulation sets strict guidelines governing how the personally identifiable data of European citizens can be utilized by organizations beyond EU borders. According to the Advisen survey, nearly twice as many large companies, defined as those with more than $1 billion in annual revenue, made changes to their cybersecurity controls to comply with the GDPR when compared with middle market firms, defined as organizations with less than $1 billion in annual revenue. Overall, only 40 percent of survey respondents said they had made changes to cybersecurity controls as a result of the GDPR, a surprising conclusion given the potential of large fines for violations.

Recognizing that organizations of all sizes may need help in responding to cyber risks, Zurich recently refreshed the Zurich Cyber Insurance Policy to bring together all currently available coverages under a single, globally uniform solution. Supporting this solution are the services of Zurich’s highly experienced cyber risk engineers, as well as the risk assessment and 24/7 monitoring services of a leading managed security service provider.

Looking ahead, Zurich will continue its collaboration with Advisen and other cyber risk research initiatives to better assess and understand the cyber threats that may impact our customers in the years to come.

Related articles

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.

Comments with LinkedIn

You are logged in as (Logout)

Input is not correct!