Commercial clients short on intangible-asset insurance
Digital assets, proprietary data, brand equity and intellectual property are highly valuable but often have insufficient coverage.
As cyber, intellectual property (IP), and digital perils become more complex, managing these risks has become increasingly challenging. The 2022 Aon/Ponemon Intangible Assets Financial Impact Study found that while 86% of businesses recognize cyber and IP among the top 10 business risks but they continue to undervalue and under-insure intangible assets relative to tangible assets. Furthermore, 84% of organizations use or intend to use cryptocurrency or non-fungible tokens (NFTs) in the next 12 months.
Intangible assets offer greater value but are less protected.
Intangible assets are non-physical assets with a monetary value representing potential revenue. They include digital assets, proprietary data, goodwill, brand equity and intellectual property such as patents, copyrights, franchises and trademarks. Every industry increasingly relies on intangible assets including, among others, technology, entertainment, consumer products and services, finance, healthcare and manufacturing/automotive.
Blockchain, decentralized finance, NFTs, cryptocurrency and the Metaverse increase reliance on digital assets. Common threats to cyber assets include ransomware business interruption, cyber warfare, biometric privacy lawsuit costs, increased frequency and severity of regulatory fines, penalties, and assessments, and evolving cyber security regulations.
The average total value of intangible assets for the companies represented in the Aon/Ponemon study is more than $1.2 billion, slightly higher than the average total value of property, plant and equipment (PP&E), at approximately $1.1 billion. In many cases, the economies of scale derived from intangible benefits dwarf what can be achieved through tangible assets.
Despite their value, growth potential and emphasis in publicly disclosed document filings, however, intangible assets are insured at one-third the amount of total insurance compared to PP&E. Approximately 58% of PP&E assets are covered by insurance and while the likelihood of a loss is higher for intangible assets than for PP&E, only an average of 17% of intangible assets are insured.
The cost of uninsured assets
Business disruption has a greater impact on intangible assets ($321 million) than on PP&E ($143 million). Companies estimate the average probable maximum loss resulting from stolen or destroyed information is approximately $1.2 billion . In contrast, the average value of the largest loss that could result from damage or destruction of PP&E is approximately $839 million.
The data on expected risk exposure and insurance protection is disconcerting. Half of the Aon/Ponemon survey respondents report that their company had a significantly disruptive security exploit or data breach one or more times in the past 24 months, most of which (41%) involved trade secret rights. Yet, while 68% of respondents say their cyber risk exposure will increase in the future, 37% say there is no plan to purchase standalone cyber insurance.
As for those companies that do have cyber insurance, 34% of respondents say existing policies do not cover any IP events. Finally, while 48% of respondents say a cyber or intellectual property incident can become a black swan event for their companies, 46% report their risk management approach does not include black swan response preparation.
Understanding the discrepancy in coverage
Knowing the inherent value of intangible assets and the need to mitigate associated risks, why aren’t companies clamoring to protect intangibles/? First, there seems to be a general misunderstanding as to the breadth and depth magnitude of the potential negative impact of intangible asset risk. This is evidenced by the fact that 33% of respondents do not believe disclosing a material loss to information assets is necessary for financial statements.
Second, certain businesses are unsatisfied with current IP protection solutions citing inadequate coverage based on company exposure, expensive premiums, and excessive exclusions and restrictions, as barriers to purchasing specific insurance protection.
Third, there is a lack of consensus about who typically “owns” cyber risk management across organizations. Respondents indicate that the top two individuals responsible are the chief information officer (21%) and business unit leaders (20%). Other respondents identified the chief information security officer, procurement, general counsel, chief financial officer, compliance, and even the CEO and board of directors. With such inconsistencies regarding who takes the lead and accountability, a proper financial statement impact risk assessment and best practices within an organization may be lacking.
The bottom line is that insufficient protection of intangible assets can cost businesses money, not to mention the long-term damage to business innovation and creativity when proprietary knowledge is constantly at risk. New sources of capital are being formed to protect intangible assets, such as insurance-linked securities, captives (with reinsurance), alternative risk transfer, and cyber pools. While companies may have to explore which options are best for them, the only wrong choice in today’s environment is to leave these assets unprotected.
Kevin Kalinich (kevin.kalinich@aon.com) is Global Collaboration Leader, Intangible Assets at Aon.
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
See also: