Cyber Risk: What Are We Seeing?

Cyber risk has become the single biggest concern for business decision makers, but many firms are still unfamiliar with cyber insurance, or unsure if they even need it. Cyber risks have become the top risk concern for businesses, according to the Travelers Risk Index¹, a survey of 1,200 business decision-makers. Cyber has always been a top concern, but this is the first time in the history of our survey that cyber risk has been the single biggest worry for businesses. Concern about cyber risk grew 60% over the previous year’s results, surpassing such concerns as economic uncertainty and employee benefit costs. The concern is well founded: The survey results indicated that one in five of the businesses had been a victim of a data breach or cyber event – a figure that has more than doubled in recent years. In the UK, those figures are even higher.

According to a 2019 government-led study of cyber security breaches at UK businesses and charities, 32% of businesses had identified cyber security breaches or attacks in the previous 12 months.

Big worries, little preparation

Businesses that responded to the Travelers survey said their four biggest cyber concerns were computer system hacks, cyber criminals accessing financial accounts, cyber extortion and ransomware, and employees putting information or systems at risk. Those concerns reflect the reality of cyber incidents that Travelers has observed under the more than 25,000 cyber insurance policies it has in force worldwide. There is a clear correlation between what we’re seeing in terms of the types of attacks impacting our insureds.

Despite that, almost half of businesses lack confidence in their ability to prevent or mitigate cyber risks or to respond after an incident. Travelers found that nearly one-quarter of firms lack confidence in their cyber protections and, in fact, aren’t implementing even the most basic controls needed to avert an attack, such as data back-up processes or routine computer password updates. Less than half of firms have a written business continuity plan to guide them after an incident.

A new role for insurers

Cyber insurers can help businesses manage their cyber risk – and not just by paying claims. While insurance can cover financial losses, it also provides policyholders with a point of contact to help in the aftermath of an incident. These expert response providers can guide the insured through the legal notifications it must provide after an attack, as well as offer the services of forensic IT professionals who can assess a company’s systems, identify vulnerabilities and restore backups. While Travelers has seen firms of all sizes in every type of industry suffer cyber events, the survey found that nearly one-quarter of businesses are not familiar enough with cyber coverage to purchase it – and almost one-quarter don’t even know cyber insurance exists. In the UK, only 11% of all businesses have cyber insurance and nearly one-quarter of businesses consider themselves too small of a risk to require it. To close the gap between cyber risks and available protection, it’s up to carriers and brokers to educate clients about how cyber insurance works, particularly when it comes to SMEs. When businesses buy a cyber policy, they are buying more than typical insurance that merely pays back a loss. They are buying a service contract that gets them back on track following a cyber incident by helping them address customer concerns, manage reputation and continue trading with minimal disruption.

Source
¹ https://www.travelers.com/resources/risk-index/2019-cyber-infographic