Study looks at the views of risk managers about cyber risk management
- Published: Friday, 04 October 2019 08:09
Zurich Insurance, in collaboration with Advisen, has released the ninth annual cyber survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management. A key finding of the 2019 survey is that business interruptions due to cyber events are a top concern. That concern is driving a desire for increased cyber business interruption availability and limits.
Key findings include:
- 82 percent of respondents stated that cyber risk has become a significant concern across their entire organizations;
- 95 percent of respondents said that they expect business interruption to be covered under their cyber policies in the event of a claim;
- 75 percent reported that they expect contingent business interruption to be covered, reflecting awareness that third-party cyber breaches affecting vendors can impact supply chains and vital services;
- 74 percent of insurance buyers who changed their cyber coverages in the last year did so to purchase higher limits than those provided by their prior policies.
The survey found that corporate insurance buyers' increased awareness of the business interruption potential of cyber attacks is driven in part by the increasing frequency of headlines about ransomware attacks over the past 12 to 18 months. Choosing from a list of 11 possible outcomes of cyber risk events, 95 percent named data breach as the number one risk, followed closely by cyber-related business interruption at 94.5 percent and cyber extortion/ransom at 89 percent.
Another risk addressed by survey respondents concerned the potential impacts of regulatory fines and penalties. In the wake of the European Union's General Data Protection Regulation (GDPR) fines levied against two multinational corporations, insurance buyers want to know how their coverages will respond in the event they are ruled out of compliance with the GDPR and similar laws. A significant number of risk managers – 71 percent – report that they expect their cyber insurance coverages to cover regulatory fines and penalties, while 35 percent stated that they purchased cyber coverage expressly for that purpose, up from 26 percent in the 2018 Advisen survey.
The results reflect 350 respondents representing risks managers, insurance buyers and other risk professionals covering both large and small companies around the world. Finance, banking and insurance industries are the most highly represented. Businesses of all sizes but slightly weighted toward smaller and middle market companies having revenues (or budgets for nonprofit or government entities) of $1 billion or less.