Survey points to gaps in understanding of what’s driving higher costs and limiting access to cyber insurance coverage — and what businesses can do about it.
SCHAUMBURG, Ill., Oct. 26, 2022 /PRNewswire/ — Good news for cybersecurity: More risk managers have purchased cyber insurance to help protect their businesses and customers from the potentially disastrous consequences of breaches and hacks. The bad news: Increasing premiums and restrictions for cyber coverage over the past year have created frustration for some business leaders.
This is the mixed picture emerging from the just-released 12th annual Information Security and Cyber Risk Management study from Zurich North America and Advisen Ltd., a Zywave Company. The 2022 study indicates that 86% of respondents now have cyber insurance, up three percentage points from 2021 and the highest percentage in the history of the survey. About 83% of respondents say they’ve taken steps to assess their cyber risk, and 69% have invested in cybersecurity solutions to mitigate risk.
Such findings suggest that CEOs, CIOs and risk managers increasingly grasp the threat that cyberattacks pose to their businesses, customers and the economy. But comments in the survey also reveal gaps in understanding of the drivers of insurance rates and restrictions and the role that risk mitigation actions play in the ability to access coverage at an affordable price.
“Our latest survey shows that many respondents recognize cyber threats and claims have increased in frequency and severity, but some business leaders struggle with the extent of the impact on insurance costs, policy terms and risk selection,” said Michelle Chia, Head of Professional Liability and Cyber at Zurich North America. “What’s clear is that cyber resilience is critical to business resilience. Carriers, distributors, risk managers, IT professionals, governments and employees everywhere need to work together to strengthen cyber resilience in this fast-evolving risk landscape.”
Other highlights from the survey:
- 54% of respondents who experienced a claim reported it to their cyber insurance carrier. More than 70% recouped costs from their cyber insurance carrier, while a portion of claims are still in process.
- 52% have increased their organization’s oversight of IT vendor management in response to geopolitical conflict concerns.
- 52% of respondents agreed that their cyber insurance meets their expectations and provides value, and 61% said their coverage meets some but not all organizational needs.
- Over 93% of respondents said they expect Data Breach and Cyber Extortion/Ransomware coverage to be included in cyber insurance policies, followed by Data Restoration (87%) and Business Interruption (75%).
- 81% of respondents reported having cyber incident response plans in place, but less than 60% test these plans regularly.
- 62% of respondents cited “Enhance Employee Training” as one of their top cybersecurity priorities over the next year.
“While there’s more to be done, it’s encouraging to see organizations taking steps to shore up their cyber resilience,” Chia said. “Insights from this survey present the opportunity for insurance carriers and brokers to provide continuing education on the shifting cyber risk environment and mitigation techniques. Those responsible for managing cyber risk can refer to this survey’s insights to help gain organizational support for additional investments to enhance cyber resilience and access to insurance coverage.”
The survey was completed at least in part by 353 risk managers, insurance buyers and other risk professionals. The majority classified themselves as either a chief risk manager or the head of a risk management department (28 percent); a different member of a risk management department (25 percent); a chief information security officer or chief privacy officer (5 percent); or other executive, such as a CIO, CFO or CEO (20 percent).
The full Information Security and Cyber Risk Management survey report is here.