Cyber Insurance Take-Up Rate Among Fortune 500 Very Low

More than half of Fortune 500 firms disclosing cyber risk vulnerability believe their firms would be seriously harmed by a cyber-attack, but many are still unprepared for one, shows a Willis North America study.

The top three cyber risks identified by the study group are theft of confidential information (65 percent), loss of reputation (50 percent), and direct loss from malicious acts by hackers and viruses (48 percent).

The Securities and Exchange Committee (SEC) guidelines say cyber risk insurance is an appropriate consideration; however, only six percent of those surveyed buy it.

SEC Guidance issued in October 2011 asked U.S. listed companies to provide extensive disclosure on cyber exposures.

“D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure," said Ann Longmore, executive vice president of FINEX, Willis North America and co-author of the report.

Thirty-eight percent of the Fortune 500 companies--chiefly represented by the energy, insurance, specialty retail, healthcare equipment and aerospace and defense sectors--say a potential cyber event would “adversely” impact the business. Thirty-six percent state their company would face “material harm”, and two percent call their cyber risk “critical”. 

Half (52 percent) of these companies have technical safeguards in place to guard against breach, but about as many provided no comment on the state of their cyber risk protection strategy, and 15 percent said that they do not have the resources to protect themselves from critical attacks.

The insurance take-up rate for public companies has previously been found to be higher among wealthy private enterprises: a report by Chubb found that 35 percent of public companies purchase cyber insurance and 71 percent have breach response plans set up.

"Many of the results are not surprising as we know firms are actively taking steps to assess and mitigate their cyber risk, even if they have not been able to quantify a dollar amount associated with the risk," said Chris Keegan, report co-author and senior vice president of National Resource E&O and e-risk of Willis North America.

"However, we also see some surprising results which suggest some firms may be overlooking critical exposures. For example, only one out of five firms mention cyber-terror (20%) as a factor, despite the heightened emphasis on cyber-terror by the U.S. government. In addition, only one out of ten firms detailed cyber threats caused by the acts of outsourced vendors. This runs contrary to what we see in our day to day practice given the high frequency of cyber events stemming from outsourced vendors," he said.

The SEC recommends that cyber risk disclosures include the factors of a firm’s business operations that can let cyber risks get through the cracks, as well as their costs and consequences; a list of outsourced functions involving cyber data and how tightly the exchanges are managed; a scan for previously undetected cyber leaks; and a description of any previously disclosed cyber incidents.

About the Author
Anya Khalamayzer, PropertyCasualty360.com

Anya Khalamayzer, PropertyCasualty360.com

Anya Khalamayzer is Assistant Editor of Risk for PropertyCasualty360-National Underwriter. Khalamayzer graduated from CUNY Baruch College after intensive internships with Time Out New York Kids and Crain’s Investment News. Keenly interested in environmental science, music and the arts, her articles have been published in Gotham Gazette, Wonkster blog and Ear to Mind magazine. She can be reached at akhalamayzer@summitpronets.com

Comments

Resource Center

View All »

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

The Growing Role of Excess & Surplus Lines in Today’s...

The excess and surplus market (E&S) provides coverage when standard insurance carriers cannot or will...

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

Tech Digest eNewsletter

Technology related insights for insurance professionals including key developments, solution providers and news briefs from the carrier front – FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.