While more risk managers are purchasing cyber insurance to protect their businesses and customers, increasing premiums and restrictions on cyber coverage over the past year are creating frustration among business leaders, according to a new survey.
The 12th annual Information Security and Cyber Risk Management study from Zurich North America and Advisen indicates that 86% of respondents now have cyber insurance, up three percentage points from last year and the highest percentage in the survey’s history. About 83% of respondents said they’d taken steps to assess their cyber risk, and 69% have invested in cybersecurity tools to mitigate risk.
The survey’s findings suggest that CEOs, chief information officers and risk managers increasingly understand the threats posed by cyberattacks. However, comments in the survey also revealed gaps in understanding the drivers of insurance rates and restrictions and the role played by risk mitigation actions in the ability to get affordable coverage.
“Our latest survey shows that many respondents recognize cyber threats and claims have increased in frequency and severity, but some business leaders struggle with the extent of the impact on insurance costs, policy terms and risk selection,” said Michelle Chia, head of professional liability and cyber at Zurich North America. “What’s clear is that cyber resilience is critical to business resilience. Carriers, distributors, risk managers, IT professionals, governments and employees everywhere need to work together to strengthen cyber resilience in this fast-evolving risk landscape.”
Read next: Cyber liability claims skyrocketing – Acuity
Key findings of the survey include:
- 54% of respondents who experienced a claim reported it to their cyber insurance carrier. More than 70% recouped costs from their cyber insurance carrier, while some claims are still in process
- 52% have increased their organization’s oversight of IT vendor management in response to geopolitical conflict concerns
- 52% agreed that their cyber insurance met their expectations and provided value, and 61% said their coverage meets some but not all organizational needs
- More than 93% said they expect data breach and cyber extortion/ransomware coverage to be included in cyber insurance policies, followed by data restoration (87%) and business interruption (75%)
- 81% reported having cyber incident response plans in place for their organization, but less than 60% said they test these plans regularly
- 62% cited “enhance employee training” as one of their top cybersecurity priorities over the next year
“While there’s more to be done, it’s encouraging to see organizations taking steps to shore up their cyber resilience,” Chia said. “Insights from this survey present the opportunity for insurance carriers to provide continuing education in the shifting cyber risk environment and mitigation techniques. Those responsible for managing cyber risk can refer to this survey’s insights to help gain organizational support for additional investments to enhance cyber resilience and access to insurance coverage.”