Magazine article Risk Management

Taking Cybersecurity Seriously

Magazine article Risk Management

Taking Cybersecurity Seriously

Article excerpt

In the first half of 2013, reported cyberbreaches rose by 27% from the first half of 2012. Yet, according to a new study from the Ponemon Institute, only 31% of companies currently hold cyberinsurance policies and 30% said they do not plan to purchase coverage.

This disconnect could prove costly. More than half of respondents in the August 2013 Ponemon Institute study "Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age" had experienced a data breach and reported that the average cost of these incidents was $9.4 million. Those surveyed were also asked how much their companies could suffer from cybercrime. Their estimate was an average maximum financial exposure of $163 million per company, with some projecting more than $500 million in damages.

But don't let the numbers fool you: while big companies can suffer massive financial loss, small businesses face some of the greatest dangers. According to a March 2013 report from the House Small Business Subcommittee on Health and Technology, almost 20% of all cyberattacks target companies with 250 employees or fewer. The costs of cyberbreaches can be far more damaging for companies this size--nearly 60% of small businesses close within six months after a cyberattack.

Small and large businesses alike are beginning to comprehend the stakes involved. Michael Bruemmer, vice president of study co-author Experian Data Breach Resolution, said the Ponemon findings show a clear increase in risk managers' awareness of cyberthreats. Indeed, three quarters of survey respondents said that protecting against a cybersecurity exploit is "more important or as important as safeguarding against a natural disaster, business interruption or fire."

Brokers have noted a decisive rise in cyberrisk awareness, too. Marsh U.S. has seen a 33% increase in clients purchasing cyberinsurance and the levels of coverage purchased have increased by 20%, according to a report the broker released in March.

In the Lloyd's of London 2013 Risk Index, businesses ranked cyberrisk their third-highest priority for the year, up from twentieth in 2009. "For cyber to be as high as #3 is proof that the risk is there and the stories that you're reading on the front pages and blogs regarding cyberattacks are real," said John Coletti, XL Group's underwriting manager for cyberliability. "As more businesses migrate their businesses to a cloud-based platform and the reliance on data grows greater than ever before, it's no surprise that companies are worried about cyberrisk."

With a constant stream of breaches in the news and ever-growing list of sources of risk, cybersecurity is rising up the priority list for corporate risk managers. While only about one-third of companies surveyed currently have cyberinsurance, 39% of Ponemon's respondents said their organization plans to purchase a policy. More than half who already have policies reported that cyberinsurance is an essential component of their company's risk management program.

The benefits of cyberinsurance reach beyond the actual policy--62% of Ponemon respondents felt that just the process of evaluating cyberinsurance policies improved their company's cybersecurity preparedness and readiness. "I don't think a lot of risk managers understand what can happen with a data breach and what the regulatory requirements are," Coletti said. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.