• Register
Return to: Home > Comments > Comment: When it comes to cyber, “underinsured” means “underprepared”

Comment: When it comes to cyber, “underinsured” means “underprepared”

The cyber insurance industry is growing. In fact, it is the one of the fastest growing segments of the corporate insurance industry. It is estimated that the cyber insurance market is worth about $2bn in premium worldwide and, based on current predictions, it could reach more than $20bn in the next decade.

We are currently in the third development phase of cyber insurance. According to Allianz, it was Y2K that first provoked companies to look at their cyber exposures and later, the rise of regulation and legislation around data privacy continued to drive it forward into phase two. Now, in the third phase, we are seeing increased awareness around cyber risk, which is encouraging companies to take a close look at how they are protected.

Throughout the evolution of cyber insurance one thing has become clear; defence barriers can never be fully impenetrable and therefore, you are never fully protected. This is what makes insurance the back bone of cyber protection. Organisations of all sizes need to invest in security procedures and tools to make the business as resilient as possible. Preventing a breach is nigh on impossible so it is crucial that organisations have tools in place to detect a breach and have procedures for how to tackle and mitigate it. Organisations should consider all of the data held and produced by the business, and how to protect it.

Most insurance companies today operate in the cyber arena and large corporates, especially in highly targeted industries like retail, finance and healthcare, are protecting themselves. However, there is a disconnect in the middle market. According to the US National Centre for the Middle Market, the majority of middle market companies consider cyber security important for their business, but over half either lack a defined strategy around cyber or have an outdated policy in place, and only 22% hold a cyber insurance policy.

Underinsurance is a serious issue for the middle market as there is a perceived lack of exposure. On the contrary, research from Advisen found that in 2016, large organisations accounted for less than 20% of cyber losses. In many cases, middle market companies are in denial about their vulnerability to cyber-attacks and need to be insured against the risk just as much as their large competitors. Cyber criminals will often cast a wide net and take what they can get most easily. This can have devastating consequences on middle market firms who potentially don’t have the breadth of resource to simply bounce back.

The problem for most businesses is that the knowledge about available cyber policies is very low, especially in the middle market. People do not trust insurers to give them what they need. There is still a level of scepticism towards cyber insurers and therefore the C-suite are still cautious about putting budget towards it. Coupled with this, there is a misconception among middle market firms that existing insurance policies will protect against a cyber-attack or data breach and a lot of organisations will only become aware of a policy’s limitations once a breach has occurred.

A change in the corporate mind set is crucial to drive change and fully protect middle market businesses, but seemingly, there is work to be done. Only 17% of executives surveyed by IBM considered themselves “cyber secured”. Not only are the C-suite the ones making decisions around cyber insurance investment, they are also the ones that need to consider the repercussions of cyber-attacks. Reputational damage and financial risks are second and third respectively on the C-suite’s view of the technology risks that will be most significant over the next 3-5 years. Investing in the right cyber policies means they can invest their time where it is most needed including developing contingency plans, considering the impact on bottom line and crafting crisis communications plans to manage the organisation’s reputation following a cyber breach.

However, the onus should be on insurers as well as business executives. Insurance will be a catalyst to speed up holistic cyber security. Beyond selling products, insurance companies need to make sure “the house is in order” and ensure the organisations they are covering have good processes in place. We know now that increased awareness is driving the adoption of cyber insurance and it is the responsibility of insurers to gain the trust of the C-suite to move the industry forward. Insurance companies need to make organisations more aware of the different types of cover they offer. Collaboration is the key to combating cyber and this is the first step.

By Michael Shatter, Director of Risk Assurance Services, RSM Australia

Top Content

    Time pressure: Facing up to mental health

    In an ‘always on’ culture, it is becoming increasingly difficult to manage a healthy work-life balance. While companies are beginning to address this problem by introducing different support systems, Joe Pickard finds more could be done to ensure the wellbeing of the professions workforce.

    read more

    Venezuela: the race for the dollar

    With a new currency following hyperinflation, large sections of the population emigrating to neighbouring countries, an economy on the brink of collapse and no apparent solution coming from the government, Jonathan Minter finds a profession struggling to stay afloat in Venezuela.

    read more

    Brazil: transparency and control

    Brazilian accountants have an optimistic view of the impact of more-regular reporting and the implications of audit controversies for the profession. Paul Golden reports.

    read more

    Argentina: looking for a clearer view

    The Argentine accounting profession continues to grapple with the impacts of a weak economy and a culture of financial corruption. Paul Golden takes a closer look.

    read more

    Blockchain: adapting to disruptive tech

    In the relatively few years since digital currencies first began using blockchain technology, the array of potential applications has grown significantly – and continues to expand. Dan Balla, Matthew Schell and Dave Uhryniak from Crowe look at how it impacts accountancy.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.