Businesses are beginning to rank cyber-security risks as greater than natural disasters and other major business risks, and while only 31 percent of companies are insured against data breaches, a growing number of companies are exploring policies, according to the findings of a survey by Experian Data Breach Resolution and the Ponemon Institute.
Security exploits are greater than or equal to a natural disaster, business interruption, fire or other disaster, according to 76 percent of respondents. However, on average, respondents say there is a 9 percent likelihood that their companies will experience the predicted maximum financial impact during a data breach.
“Companies worry about the financial impact following a data breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. “Cyber-insurance could be an important part of a risk management strategy to protect against potentially severe financial losses.”
Respondents quantified the average potential maximum financial risk of a data breach at $163 million (£105m), with some projecting more than $500 million in damages. Of the 56 percent that had breaches, they reported an average cost of these incidents as $9.4 million in the last 24 months.
The study found that the likelihood of a company considering a policy increases after it experiences an incident. Just under a third (31 percent) of companies reported current cyber-insurance coverage, and survey results suggested growth on the horizon, with 39 percent of respondents saying their organisation plans to purchase a policy.
Those without a policy noted that price is a roadblock for purchasing. Respondents also said that policy conditions that include excessive exclusions, restrictions and uninsurable risks inhibit their organisation from purchasing a policy. However, of those with insurance, 62 percent believe the premiums are fair, given the nature of the risk.
Of those with a policy, 30 percent have experienced an exploit or a data breach and submitted claims. Nearly all were happy with their providers’ responses to the claims. The survey revealed 62 percent of respondents had found that the process of evaluating cyber-insurance policies improved the company’s cyber-security preparedness and readiness. The study found most policies provided benefits for forensics and investigative costs (64 percent), notification costs to data breach victims (86 percent) and legal defense costs (73 percent).
“The evolution of how to prepare for and manage security exploits will continue to advance,” the report concluded. “The study indicates more and more interest and adoption of cyber-insurance policies as a means to mitigate the impact of an exploit.”
Do you know all about IT and the law? Take our quiz.
Originally published on eWeek.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…