According to a survey by the Experian Data Breach Resolution team and the Ponemon Institute, a full three-quarters (76%) of companies put cybersecurity at the top of the threat heap.
“It’s clear that companies see cyber security threats as a significant business liability and we are seeing increased interest from our customers in managing against this risk,” said Katherine Keefe, head of Beazley’s Breach Response Services division, cited in a related blog. And, companies are increasingly aware of the impact a cyber-incident may have on their business; 76% of survey respondents say protecting against a cybersecurity exploit is more important or as important as safeguarding against a natural disaster, business interruption or fire.
The study found that data breaches have cost an average of $9.4 million each in the last 24 months – and 56% of respondents said that they had suffered breaches. However, these costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents. Some projected more than $500 million in damages.
As a result, cyber-insurance is becoming a key consideration to mitigate fallout. Most companies are increasingly looking to cyber-insurance as part of the solution for managing the risk posed by security incidents to accompany technical protections. Not surprisingly, the study found that the likelihood of a company considering a policy increases after experiencing an incident.
The study also found that data breaches impact more than IT teams; with the rapid increase in the threat landscape and the number of data breaches, concerns over how to manage them have moved beyond corporate IT teams to other major parts of organizations, as companies realize that security incidents create significant financial risks that must be managed like other major business risks.
“We are reaching a tipping point where the majority of companies we surveyed now rank cybersecurity risks as high as other major insurable business risks,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a statement. “We anticipate that demand for cybersecurity insurance is likely to increase in response to evolving breach response policies.”
About 31% of companies report current cyber-insurance coverage, and survey results show growth on the horizon. In fact, 39% of respondents say their organization plans to purchase a policy. Additionally, more than half with a policy believe it is an essential part of their companies’ risk management programs.
On average, respondents said that there is a 9% likelihood that their company will experience the predicted maximum financial impact during a data breach.
“This is a small but significant number when compared with other areas that are regularly insured,” the report found. “While only 31% of companies are insured today, there are a growing number of companies exploring policies. This indicates a larger appetite for financial protection in the wake of a breach.”
Most policies cited provide benefits for forensics and investigative costs (64%), notification costs to data breach victims (86%) and legal defense costs (73%).
“Companies worry about the financial impact following a data breach,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Cyber-insurance could be an important part of a risk management strategy to protect against potentially severe financial losses.”