Cyber Insurance Take-Up Rate Among Fortune 500 Very Low

More than half of Fortune 500 firms disclosing cyber risk vulnerability believe their firms would be seriously harmed by a cyber-attack, but many are still unprepared for one, shows a Willis North America study.

The top three cyber risks identified by the study group are theft of confidential information (65 percent), loss of reputation (50 percent), and direct loss from malicious acts by hackers and viruses (48 percent).

The Securities and Exchange Committee (SEC) guidelines say cyber risk insurance is an appropriate consideration; however, only six percent of those surveyed buy it.

SEC Guidance issued in October 2011 asked U.S. listed companies to provide extensive disclosure on cyber exposures.

“D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure," said Ann Longmore, executive vice president of FINEX, Willis North America and co-author of the report.

Thirty-eight percent of the Fortune 500 companies--chiefly represented by the energy, insurance, specialty retail, healthcare equipment and aerospace and defense sectors--say a potential cyber event would “adversely” impact the business. Thirty-six percent state their company would face “material harm”, and two percent call their cyber risk “critical”. 

Half (52 percent) of these companies have technical safeguards in place to guard against breach, but about as many provided no comment on the state of their cyber risk protection strategy, and 15 percent said that they do not have the resources to protect themselves from critical attacks.

The insurance take-up rate for public companies has previously been found to be higher among wealthy private enterprises: a report by Chubb found that 35 percent of public companies purchase cyber insurance and 71 percent have breach response plans set up.

"Many of the results are not surprising as we know firms are actively taking steps to assess and mitigate their cyber risk, even if they have not been able to quantify a dollar amount associated with the risk," said Chris Keegan, report co-author and senior vice president of National Resource E&O and e-risk of Willis North America.

"However, we also see some surprising results which suggest some firms may be overlooking critical exposures. For example, only one out of five firms mention cyber-terror (20%) as a factor, despite the heightened emphasis on cyber-terror by the U.S. government. In addition, only one out of ten firms detailed cyber threats caused by the acts of outsourced vendors. This runs contrary to what we see in our day to day practice given the high frequency of cyber events stemming from outsourced vendors," he said.

The SEC recommends that cyber risk disclosures include the factors of a firm’s business operations that can let cyber risks get through the cracks, as well as their costs and consequences; a list of outsourced functions involving cyber data and how tightly the exchanges are managed; a scan for previously undetected cyber leaks; and a description of any previously disclosed cyber incidents.

About the Author
Anya Khalamayzer,

Anya Khalamayzer,

Anya Khalamayzer is Assistant Editor of Risk for PropertyCasualty360-National Underwriter. Khalamayzer graduated from CUNY Baruch College after intensive internships with Time Out New York Kids and Crain’s Investment News. Keenly interested in environmental science, music and the arts, her articles have been published in Gotham Gazette, Wonkster blog and Ear to Mind magazine. She can be reached at


Resource Center

View All »

Complimentary Case Study: Helping achieve your financial goals By:...

Find out how a Special Investigation Union used TLOxp to save the company money and...

Do Your Clients Hold The Right CDL License?

Learn about the various classes of CDL Licenses and the industries that are impacted by...

Integrated Content & Communications: A Key Business Issue For Insurers

Insurers are renewing their focus on top line growth, and many are learning that growth...

High Risk Insurance Coverage in the E&S Market

Experts discuss market conditions, trends and projected growth in a rapidly changing niche.

Top E-Signature Security Requirements

This white paper covers the most important security features to look for when evaluating e-signatures...

EPLI Programs Crafted Just For Your Clients

Bring us your restaurant clients, associations and other groups and we’ll help you win more...

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Tech Digest eNewsletter

Technology related insights for insurance professionals including key developments, solution providers and news briefs from the carrier front – FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.