The tenth year of the Zurich North America and Advisen Cyber Survey reveals that 78% of risk managers now purchase some level of cyber insurance — compared to only 34% in 2011.
Of this record of 78% with some cyber coverage, 55% have a stand-alone policy, while 13% have coverage included in their professional liability and others in another insurance program.
The results “make it clear that cyber insurance is no longer a luxury item, even amid a hardening insurance market and the COVID-19 pandemic,” the survey authors state.
For the 12% that do not have cyber insurance or are not in the process of buying it, price and buy-in from the C-suite and IT professionals in their organizations are their biggest obstacles, according to the results.
When it comes to cyber insurance coverage expectations, 72% want coverage for “bricking” (when an electronic device becomes unusable following a cyberattack); contingent business interruption (72%) and system failure coverage (70%); funds transfer fraud/ social engineering (66%); internet media liability (63%) and reputational harm (60%).
The survey also shows that ransomware and business interruption are the top concerns of risk managers.
The survey indicates that 60% of respondents feel either “extremely prepared” or “prepared” to respond to a ransomware event. They also cite business interruption as the worst possible outcome of a ransomware event, followed by reputational harm.
Risk managers appear to see a link between their employees working from home and potential cyber events. They ranked “Employees unintentionally infecting the company’s network with malware” and “Employees unintentionally giving sensitive information to a third party via social engineering” as concerns.
“Unprecedented change in the world requires us to think differently and act with agility. This survey reveals that customer expectations are changing as their level sophistication about cyber risks have grown,” said Michelle Chia, head of Professional Liability and Cyber for Zurich North America.
“Risk managers increasingly are connecting the dots between high-profile cyberattacks, business interruption, and reputational risk – and they’re looking for coverage that protects their business at the right price,” she said.
Other findings of the 2020 survey:
- Most buyers (60%) responding to the survey still “rely significantly on recommendations from brokers and underwriters” in deciding on their cyber insurance programs. Less than a quarter (24%t) are “heavily involved” in crafting the policy language and 22% say they buy an “off-the shelf” policy and add endorsements.
- Just over a third (35%) of respondents provide annual training for employees on cyber risks, while 24% conduct quarterly trainings.
- 81% of respondents have not changed what they spend on their cyber security.
A variety of industries were represented. Finance, banking, and insurance had the highest representation, with 27% of the total. Other industries with included manufacturing, healthcare, technology, educational institutions and nonprofits. Firms with between $1 billion and $10 billion in revenue comprised 30% of respondents and large businesses with more than $10 billion in revenue represented 16%, but 54% of respondents came from smaller and middle market companies with less than $1 billion in revenue.
Was this article valuable?
Here are more articles you may enjoy.