Businesses are beginning to rank cyber-security risks as greater than natural disasters and other major business risks, and while only 31 percent of companies are insured against data breaches, a growing number of companies are exploring policies, according to the findings of a survey by Experian Data Breach Resolution and the Ponemon Institute.
Security exploits are greater than or equal to a natural disaster, business interruption, fire or other disaster, according to 76 percent of respondents. However, on average, respondents say there is a 9 percent likelihood that their companies will experience the predicted maximum financial impact during a data breach.
“Companies worry about the financial impact following a data breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. “Cyber-insurance could be an important part of a risk management strategy to protect against potentially severe financial losses.”
Respondents quantified the average potential maximum financial risk of a data breach at $163 million (£105m), with some projecting more than $500 million in damages. Of the 56 percent that had breaches, they reported an average cost of these incidents as $9.4 million in the last 24 months.
The study found that the likelihood of a company considering a policy increases after it experiences an incident. Just under a third (31 percent) of companies reported current cyber-insurance coverage, and survey results suggested growth on the horizon, with 39 percent of respondents saying their organisation plans to purchase a policy.
Those without a policy noted that price is a roadblock for purchasing. Respondents also said that policy conditions that include excessive exclusions, restrictions and uninsurable risks inhibit their organisation from purchasing a policy. However, of those with insurance, 62 percent believe the premiums are fair, given the nature of the risk.
Of those with a policy, 30 percent have experienced an exploit or a data breach and submitted claims. Nearly all were happy with their providers’ responses to the claims. The survey revealed 62 percent of respondents had found that the process of evaluating cyber-insurance policies improved the company’s cyber-security preparedness and readiness. The study found most policies provided benefits for forensics and investigative costs (64 percent), notification costs to data breach victims (86 percent) and legal defense costs (73 percent).
“The evolution of how to prepare for and manage security exploits will continue to advance,” the report concluded. “The study indicates more and more interest and adoption of cyber-insurance policies as a means to mitigate the impact of an exploit.”
Do you know all about IT and the law? Take our quiz.
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…