Despite high-profile data breaches of companies such as Target, JPMorgan Chase, eBay and Community Health Systems, 40% of cyber carriers say policyholders think they don't need cyber coverage and 29% think they are covered under existing policies, according to a survey conducted by Hanover Research and sponsored by ISO.
"Even though data breaches are in the news every week, many companies still don't recognize that cyber attacks are serious, and that the costs associated with responding to one can be significant and generally not covered under current commercial insurance policies," said Shawn Dougherty, assistant vice president of Specialty Commercial Lines at ISO.
And it's difficult to convince businesses they need cyber coverage when staff resources are limited. Just more than half of the respondents say their companies have no staff dedicated solely to drafting cyber insurance policies. Nearly a third have a small staff of 1 to 5 people. Staff resources vary by size of carrier. More than two-thirds of medium-sized companies (those with premiums between $250 million and $1 billion) do not have dedicated cyber underwriters, but 57% of smaller carriers (less than $250 million in premium) have at least one employee, and nearly 30% of large companies (more than $1 billion in premium) have a substantial staff of 11 or more working to draft cyber policies.
The survey of 271 insurance professionals found that the market is small but growing among carriers currently offering cyber insurance. Although the majority of companies' direct written premiums for cyber coverage are less than $10 million, 75% expect to sell more cyber insurance next year–of which 14% expect to underwrite between 25% and 50% more. Of those not offering cyber coverage at the moment, 11% will roll it out in the next year, and an additional 47% say their companies are considering offering cyber coverage in 2015.
When separated by size, the survey offers more insight into growth expectations:
Tellingly, the companies that do not expect growth in the future specialize in the most common areas of cyber coverage, such as data breach expenses and business interruption, while those that expect growth offer cyber extortion, cyber reward, social media liability and public relations expenses.
Next page: The most serious cyber risks and hazards
Data breaches are considered the most serious cyber risk facing busineses today, but one third of respondents say that cyber crime is more dangerous. When asked about what information they consider to be the most important when underwriting cyber risks, respondents state that enterprise risk management philosophy (25%) and the nature of records or data stored (23%) are the two most important. Other factors include security tests and audits, and updated security.
Three quarters of respondents were split evenly among which hazards are the most risky, and their responses fall in line with PC360′s top 10 data breaches of the last 12 months.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
