For risk managers — indeed for most businesses — among the mostdisturbing words they can hear are “We’ve been hacked.”

What was once something to fear for only large businesses is nowan issue for the majority, according to a survey of business risk managers released May17 by the Connecticut-based specialty insurer Hartford Steam BoilerInspection and Insurance Co., which is owned by Germany-basedreinsurer Munich Re.

The survey, conducted onsite at the Risk and InsuranceManagement Society Conference in San Diego, last month found thatnine of 10 businesses experienced at least one hacking incident inthe past year. The survey also found that the number of attacksincreased 21% from 2015.

Related: Cyberrisk survey finds majority of businesses were hacked in2014

“Hackers are even more relentless,” said Eric Cernak, cyberpractice leader for Munich Re. “Sixty-four percent of risk managerssay they have experienced more than six hacking incidents in thelast year — up from 32% in 2015. U.S. businesses are under constantassault.”

Continue reading ...

Internet of Things a major concern

With the proliferation of electronic devices and connectivity,known as the Internet of Things (IoT), businesses can bevulnerable, especially when employees bring their own devices thatthey connect to the company’s network or use to access companyinformation.

Only a minority (28%) of the risk managers surveyed said thatIoT devices are safe for business use, but a majority (56%) saidtheir organizations already had or were planning to implement thedevices.

“As businesses use IoT devices to improve productivity andefficiency, they must think about the security costs,” said Cernak.“Hackers are always looking for ways to access company businesssystems and connected devices provide additional infiltrationpoints. It’s important to control security features on thesedevices and monitor employee use.”

In reviewing the possible risks to their organizations fromcyber technology, risk managers ranked them as follows:

• Loss of confidential information — 44%.
• Government intrusion — 27%.
• Service/business interruption — 17%.
• Link of devices to WiFi and cloudnetworks — 10%.
• Lack of service standardization — 2%.

How do the risk managers combat cyber risk?

• Encryption — 44%, up from 25% in 2015.
• Intrusion detection/penetration testing — 28%, downfrom 32%.
• Employee education programs — 12%, down from25%.

Given the increased availability and interest in Cyberinsurance, you would think that a significant majority of riskmanagers would have purchased the coverage for theirorganizations.

However, only half (50%) say their business has either purchasedCyber insurance for the first time or increased its level ofcoverage in the past year, while 30% of businesses don’t have anylevel of Cyber insurance coverage.

When asked why they don’t have coverage, risk managers notedCyber insurance’s perceived complexity (44%), lack of a sufficientthreat (34%) and cost (22%) as the primary reasons.

These survey findings may present opportunities for agents andbrokers to reach out to their clients and educate them about Cyberinsurance.

Related: Cyber insurance's increased profile leads to more offerings andmore buyers