Risk managers named reputational harm and business interruption as the top two cyber exposures they face, beating out data breach notification and highlighting the interest that the insurance buying community has in solutions to address these concerns.
In the Risk and Insurance Management Society’s most recent cybersecurity survey, it was revealed that just 51 percent of RIMS members currently buy standalone cyber insurance policies. Further information in the survey indicated why that might be – 58 percent of RIMS members carry less than $20 million in coverage for cyber risks and 49 percent of those insureds pay over $100,000 in annual premium for the coverage they have. Nearly all (91 percent) said that contractual obligations drive their purchase of cyber insurance, with 74 percent saying that they will consider the purchase of coverage in the next 12 months.
The respondents to the survey were distributed across all industry sectors, but were concentrated most heavily in the manufacturing, financial services, and “other” categories. More than half of respondents reported over $1 billion in annual revenues.
On a positive note, most (89 percent) respondents said they have a cyber response plan at their organization and cyber risk is incorporated into their enterprise risk management program.
Seventy-three percent of respondents feel that privacy issues should be regulated by the federal government. However, loss of business, reputational risk, and business interruption should not be the subject of federal attention, according to a majority of respondents.