Increasing costs related to data breaches are prompting many enterprises to purchase cybersecurity insurance. A new study from Ponemon Institute, “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age,” revealed that 31% of the respondents already have the specialized insurance, while 57% of those uninsured plan to purchase a policy in the future.
Most of the companies that have purchased a cybersecurity insurance policy (70%) have experienced a data breach. They have learned first-hand just how costly a breach can be. The respondents reported that the average financial impact on companies suffering one or more incidents was $9.4 million. The average potential risk of future incidents was estimated to be $163 million, most of which involved the loss of confidential business information.
From a business perspective, 41% of the respondents consider cybersecurity risks to be greater than other insurable business risks, such as natural disasters and business interruption. More than a third (35%) said cybersecurity risks are equal to other insurable business risks.
Many of the policies that have been issued cover expenses incurred during and after a breach. For example, 86% of the policies cover notification costs, 73% cover legal defense costs, 64% cover forensics and investigative costs, and 48% cover replacement of lost or damaged equipment. Less than one-third (30%) of the policies cover third-party liability.
Even though insured respondents felt the cost of the insurance was fair given the risk, high premiums were cited as the main reason others had not purchased a policy to date.
Policies typically cover the most common and costly incidents, including human error and negligence, external attacks by cyber criminals, system or business process failures, and malicious or criminal attacks from inside. Not surprisingly, the industry sectors with the highest insurance adoption rate were technology and software (41%) and financial services (37%).