Cyber Insurance Take-Up Rate Among Fortune 500 Very Low

More than half of Fortune 500 firms disclosing cyber risk vulnerability believe their firms would be seriously harmed by a cyber-attack, but many are still unprepared for one, shows a Willis North America study.

The top three cyber risks identified by the study group are theft of confidential information (65 percent), loss of reputation (50 percent), and direct loss from malicious acts by hackers and viruses (48 percent).

The Securities and Exchange Committee (SEC) guidelines say cyber risk insurance is an appropriate consideration; however, only six percent of those surveyed buy it.

SEC Guidance issued in October 2011 asked U.S. listed companies to provide extensive disclosure on cyber exposures.

“D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure," said Ann Longmore, executive vice president of FINEX, Willis North America and co-author of the report.

Thirty-eight percent of the Fortune 500 companies--chiefly represented by the energy, insurance, specialty retail, healthcare equipment and aerospace and defense sectors--say a potential cyber event would “adversely” impact the business. Thirty-six percent state their company would face “material harm”, and two percent call their cyber risk “critical”. 

Half (52 percent) of these companies have technical safeguards in place to guard against breach, but about as many provided no comment on the state of their cyber risk protection strategy, and 15 percent said that they do not have the resources to protect themselves from critical attacks.

The insurance take-up rate for public companies has previously been found to be higher among wealthy private enterprises: a report by Chubb found that 35 percent of public companies purchase cyber insurance and 71 percent have breach response plans set up.

"Many of the results are not surprising as we know firms are actively taking steps to assess and mitigate their cyber risk, even if they have not been able to quantify a dollar amount associated with the risk," said Chris Keegan, report co-author and senior vice president of National Resource E&O and e-risk of Willis North America.

"However, we also see some surprising results which suggest some firms may be overlooking critical exposures. For example, only one out of five firms mention cyber-terror (20%) as a factor, despite the heightened emphasis on cyber-terror by the U.S. government. In addition, only one out of ten firms detailed cyber threats caused by the acts of outsourced vendors. This runs contrary to what we see in our day to day practice given the high frequency of cyber events stemming from outsourced vendors," he said.

The SEC recommends that cyber risk disclosures include the factors of a firm’s business operations that can let cyber risks get through the cracks, as well as their costs and consequences; a list of outsourced functions involving cyber data and how tightly the exchanges are managed; a scan for previously undetected cyber leaks; and a description of any previously disclosed cyber incidents.

About the Author
Anya Khalamayzer,

Anya Khalamayzer,

Anya Khalamayzer is Assistant Editor of Risk for PropertyCasualty360-National Underwriter. Khalamayzer graduated from CUNY Baruch College after intensive internships with Time Out New York Kids and Crain’s Investment News. Keenly interested in environmental science, music and the arts, her articles have been published in Gotham Gazette, Wonkster blog and Ear to Mind magazine. She can be reached at


Resource Center

View All »

Contractors General Liability Coverage 102

What is a prior work exclusion? Which option is right for my client? Why do...

Sign up today to get a 50% matching credit -...

Insurance marketing sometimes seems like it's a game of swings and misses, but we're here...

Guide: 5 Steps to Selling Cyber

Cyber risk and data security is on the agenda of every business owner and executive....

Citation Correlation

Do rigger and signalperson qualifications correlate with the cause of crane and rigging accidents? ...

Complete Guide to Electronic Signatures in Property & Casualty Insurance...

In property and casualty insurance, closing new business quickly is key. Learn how to leverage...

INSTANT ACCESS: Complimentary Sales Closer Questionnaires

Help property owners or managers compare your commercial residential property insurance coverage vs. the competition....

Determining Vacant Property Perils and Valuations

Are your clients fully covered for Vacant Properties? In this economic climate, your insureds may...

Risk Management for Law Firms

This package of 3 concise risk management articles offers straightforward content and practical suggestions law...

Guide: Top 15 E&O Risks-And How To Avoid Them

Accidents happen. But when it's an errors and omissions oversight, that accident can open your...

We'll Show You How to Reach Your Sales Goals

Whether you work alone or have a team of agents working for you, we can...

Tech Digest eNewsletter

Technology related insights for insurance professionals including key developments, solution providers and news briefs from the carrier front – FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.