Insurance professionals see an obstacle to boosting sales of cyber insurance with the continued misunderstanding by businesses about the need for the coverage and the true risks, according to a new survey.
However, that may be changing.
“Although the vast majority of companies’ direct written premiums for cyber insurance are less than $10 million, those that do currently offer it expect the market to grow. At the same time, there is room to be optimistic, as the majority of people who currently do not offer cyber security insurance feel their company will or might offer it in the near future,” noted ISO and Hanover in the joint survey.
The survey showed that among insurers offering cyber coverage, 40 percent said businesses feel they don’t need the insurance and 29 percent think other, existing policies will cover them.
Price is less frequently offered as an excuse, with only 12 percent of insurance professionals hearing that cyber insurance is too expensive. ISO and Hanover found that most insurers in the survey expect the tide to turn somewhat, with projections to sell 5 percent or more in coverage in 2015.
Optional cyber endorsements are proving popular for insurers looking to break into the market, with 92 percent of respondents offering an add-on coverage. Data breach coverage is also more frequently offered, with 79 percent of respondents selling it, compared to only 18 percent for cyber extortion risks.
“Even though data breaches are in the news every week, many companies still don’t recognize that cyber attacks are serious, and that the costs associated with responding to one can be significant and generally not covered under current commercial insurance policies,” said Shawn Dougherty, assistant vice president of Specialty Commercial Lines at ISO. “That’s why insurers and brokers are working hard to educate businesses and make it easy for them to add cyber coverage to their existing insurance portfolio.”
Over 70 percent of insurance professionals cited retailers, payment card processors, banks and financial services firms as the riskiest to insure. Just 14 percent felt hospitals and healthcare providers present the highest risk.
Insurers and brokers may face a workforce issue in educating customers – over half (51 percent) said they had no dedicated cyber underwriters, relying on underwriters in other lines to sell the coverage. In underwriting cyber insurance, nearly half of respondents said they consider the type of data used by businesses and their overall enterprise risk management philosophy to be more significant in assessing cyber risk than whether the business uses security tests and audits, firewalls, or encryption.