Cyber risks facing businesses around the globe are becoming more worrisome and costly with each successive event. Large corporations and middle market companies alike are more aware that a major breach of user information or a ransomware attack can mean serious consequences. As a result, more organizations are turning to insurance solutions to deal with this evolving risk.
Growing interest in insurance as a critical line of defense against cyber risk was one of the key findings of Advisen’s 2018 Information Security and Cyber Risk Management survey, which was reported at the group’s Cyber Risk Insights Conference in New York City on Oct. 25. Sponsored by Zurich since 2011, the survey queries chief risk managers and members of risk management departments to gain a deeper understanding of their thinking about the management of current and future cyber risks.
The 2018 survey noted that 75 percent of respondents have purchased cyber insurance coverages, either in stand-alone policies or through endorsements. During the eight years Zurich has sponsored the survey, the percentage of companies seeking insurance solutions has increased 40 percentage points, with a 10 percentage point uptick in the purchase of cyber insurance during 2017 alone – the largest year-over-year increase since the survey began.
However, there remains an imbalance between large corporations and middle market companies in terms of insurance utilization. Although middle market companies generally lack the resources and knowledge larger organizations may have to “block and tackle” cyberattacks, they also appear to be less likely to purchase insurance. Middle market risk management professionals need to work to impress upon C-suites and boards the importance of developing a mindset of cyber resilience, including available insurance solutions.
Another notable development was the advent of the European Union’s General Data Protection Regulation (GDPR). The regulation sets strict guidelines governing how the personally identifiable data of European citizens can be utilized by organizations beyond EU borders. According to the Advisen survey, nearly twice as many large companies, defined as those with more than $1 billion in annual revenue, made changes to their cybersecurity controls to comply with the GDPR when compared with middle market firms, defined as organizations with less than $1 billion in annual revenue. Overall, only 40 percent of survey respondents said they had made changes to cybersecurity controls as a result of the GDPR, a surprising conclusion given the potential of large fines for violations.
Recognizing that organizations of all sizes may need help in responding to cyber risks, Zurich recently refreshed the Zurich Cyber Insurance Policy to bring together all currently available coverages under a single, globally uniform solution. Supporting this solution are the services of Zurich’s highly experienced cyber risk engineers, as well as the risk assessment and 24/7 monitoring services of a leading managed security service provider.
Looking ahead, Zurich will continue its collaboration with Advisen and other cyber risk research initiatives to better assess and understand the cyber threats that may impact our customers in the years to come.