Okay, what about the mid-market accounts (those above $10MM in rev.) Those that conduct online sign-ins’; sales, etc.? What % of those have Cyber coverage? How much ‘risk-management’ goes on in those environments that makes them think they have in-house measures that are adequate?
Annual revenue of more than $1 billion is a good sized company and the cyber policies for those groups tend to be very high limit and high reserve policies. Companies of this size shouldn’t be the measure of the market, especially considering they can usually absorb a breach on their own because with proper planning they have the staff, controls, reserves, etc. to deal with a situation in an efficient and cost effective manner. For these larger companies frankly, the money typically spent on these mono-line cyber policies may sometimes actually be better spent somewhere else.
On the other hand, small to midsized companies tend to be much better served by low cost privacy/data breach response oriented insurance offerings. They have tight IT security budgets (if any) and typically lack the resources for proper awareness and training around data privacy risk reduction practices.
I think that the market needs to mature a little more before your average commercial carrier and broker really recognize that “cyber liability coverage” is not a one-size fits all policy; different markets and industries have very different needs.
Ed Goodman
Chief Privacy Officer
IDentity Theft 911
Scottsdale, AZ
Okay, what about the mid-market accounts (those above $10MM in rev.) Those that conduct online sign-ins’; sales, etc.? What % of those have Cyber coverage? How much ‘risk-management’ goes on in those environments that makes them think they have in-house measures that are adequate?
Annual revenue of more than $1 billion is a good sized company and the cyber policies for those groups tend to be very high limit and high reserve policies. Companies of this size shouldn’t be the measure of the market, especially considering they can usually absorb a breach on their own because with proper planning they have the staff, controls, reserves, etc. to deal with a situation in an efficient and cost effective manner. For these larger companies frankly, the money typically spent on these mono-line cyber policies may sometimes actually be better spent somewhere else.
On the other hand, small to midsized companies tend to be much better served by low cost privacy/data breach response oriented insurance offerings. They have tight IT security budgets (if any) and typically lack the resources for proper awareness and training around data privacy risk reduction practices.
I think that the market needs to mature a little more before your average commercial carrier and broker really recognize that “cyber liability coverage” is not a one-size fits all policy; different markets and industries have very different needs.
Ed Goodman
Chief Privacy Officer
IDentity Theft 911
Scottsdale, AZ