- Cyber Insurance
The Knowledge
,
16th March 2020Cyber risks have become the top risk concern for businesses, according to the latest Travelers Risk Index, a survey of 1,200 business decision-makers.
“Cyber has always been a high concern, but this is the first time in the history of our survey that cyber risk has been the single biggest worry for businesses,” said Davis Kessler, Head of Cyber at Travelers Europe. “Concern about cyber risk grew 60 percent over the previous year’s results, surpassing such concerns as economic uncertainty and employee benefit costs.”
The concern is well founded: The survey results indicated that one in five of the businesses had been a victim of a data breach or cyber event – a figure that has more than doubled in the past four years. In the UK, those figures are even higher. According to a 2019 government-led study of cybersecurity breaches at UK businesses and charities, 32 percent of businesses had identified cybersecurity breaches or attacks in the previous 12 months.
Big worries, little preparation
Businesses that responded to the Travelers survey said their four biggest cyber concerns were computer system hacks, cybercriminals accessing financial accounts, cyber extortion and ransomware, and employees putting information or systems at risk. Those concerns reflect the reality of cyber incidents that Travelers has observed in the more than 25,000 cyber insurance policies it has in force worldwide. “There is a clear correlation to what we’re seeing in terms of the types of attacks impacting our insureds,” Kessler said.
Despite that, almost half of businesses lack confidence in their ability to prevent or mitigate cyber risks or to respond after an incident. Travelers found that nearly one-quarter of firms lack confidence in their cyber protections and, in fact, aren’t implementing even the most basic controls needed to avert an attack, such as data back-up processes or required routine computer password updates. Less than half of firms have a written business continuity plan to guide them after an incident.
A new role for insurers
Cyber insurers can help businesses manage their cyber risk – and not just by paying claims. While insurance can cover financial losses, it also provides policyholders with a point of contact to help in the aftermath of an incident. These expert response providers can guide the insured through the legal notifications it must provide after an attack, as well as offer the services of forensic IT professionals who can assess a company’s systems, identify vulnerabilities and restore backup.
While Travelers has seen firms of all sizes in every type of industry suffer cyber events, the survey found that nearly one-quarter of businesses are not familiar enough with cyber coverage to purchase it – and almost one-quarter don’t even know cyber insurance exists. In the UK, only 11 percent of all businesses have cyber insurance and nearly one-quarter of businesses consider themselves too small of a risk to require it.
To close the gap between cyber risks and available protections, Kessler said, it’s up to carriers and brokers to educate clients about how cyber insurance works.
“When you buy a cyber policy, you’re buying more than typical insurance that merely pays back a loss,” he said. “You’re buying a service contract that gets you back on track following a cyber incident by helping you address customer concerns, manage your reputation and continue trading with minimal disruption.”
