The number of cyber attacks has continued to rise at an alarming rate, and with it has come greater awareness of cybersecurity and the importance of protecting organizations (though there could always be more!).
In 2014, the likely annual cost of cybercrime to the world’s economy was estimated at $445 billion or more, almost 1% of global income. Security companies are racing to offer cyber protection, but given the circumstances, you would be surprised by how few organizations have embraced these policies. In a recent survey, nearly one-third of respondents said their company carried no cybersecurity policy.
Factors hindering cyber insurance adoption
Considering the rise in data breaches, insurance companies are having a hard time convincing organizations to purchase their policies. Here are some of the factors hindering the adoption of security policies:
Premiums are too expensive
In order for insurance companies to make money, they have to plan for your premium to exceed the cost of mitigating your claim. Cyber insurance can cost anywhere from $7,000 to $40,000 per million dollars in loss, and company losses from data breaches can total anywhere from tens to hundreds of millions. Organizations are not only shocked by the price, but also torn on how much coverage they need. If they choose to spend less, they risk not having enough coverage, but if they choose higher coverage, their premiums are extremely high.
Exclusions and restrictions
Some companies purchase standard policies without fully understanding what is covered. There are many details that can be misleading, everything from the coverage of tangible versus physical property to lawsuits and claims. Sublimits of coverage often do not come to light until a claim is made and the insurer refuses to cover it. In order to avoid this, organizations should pay close attention to policies before purchasing by having risk officers and legal counsel note any details that do not match up with the coverage.
Many company executives and decision-makers mistakenly believe that standard corporate insurance policies will cover losses that have resulted from data breaches, but in most cases they will not. Companies commonly have questions about what types of policies are out there, what they cover, how to select the best policy and whether policies are even necessary. There tends to be a gap in communication between executives and IT professionals in the company, with IT included in cyber insurance decisions only 32% of the time. IT teams and company decision-makers should be collaborating on insurance decisions to ensure they are choosing the policy that answers all of their questions and fits the company’s goals.
Is cyber insurance right for your company?
Cyber insurance may or may not be right for every company. Here are 5 questions organizations should address when considering adopting these policies into their system:
- Most articles on cyber insurance are promoted by those in the industry – are we buying into the sales pitch?
- Does the broker have experience working with cyber security claims?
- Have we created scenarios of cyber loss to ensure the insurer is not hiding exclusions?
- What is the best type of coverage for our organization?
- Are we sure that the insurer will actually pay our claims or will they put up a fight over details?
Cybersecurity insurance is still in its early stages, which means there are inconsistencies across the board on standards and regulations. That is not to say that purchasing a policy is a bad decision for your organization. Companies should consider the assets and vulnerabilities of purchasing insurance through a provider to determine if it is the smartest fit for them.