Filed Under:Risk Management, Cybersecurity

As cyber risks evolve, businesses are growing complacent, Zurich report says

The results from Zurich's 2017 Advisen Cyber Survey are in.

Zurich Insurance's annual Advisen Cyber Survey identifies the current state of and trends in information security and cyber liability risk management. (Source: Shutterstock)
Zurich Insurance's annual Advisen Cyber Survey identifies the current state of and trends in information security and cyber liability risk management. (Source: Shutterstock)

Zurich Insurance’s seventh annual Advisen Cyber Survey is out for 2017. The Information Security and Cyber Risk Management survey identified and analyzed the trends and current state of cyber risk based on responses from 315 risk professionals. The study is designed to provide a benchmark for future cyber risk preparedness and response strategies.

Related: Get ready: a cyber attack is coming

The 2017 report and its key findings were presented at the Advisen Cyber Risk Insights Conference in New York on October 26, and the results are worrying some researchers. For the first time in the survey’s seven-year history, there has been a significant decline in how seriously C-suites and business executives view cyber risk, even as the nature of cyber attacks and risks have evolved.

The report highlights three key findings:

  • In 2017, 60% of the risk professionals surveyed said executive management view cyber risk as a significant threat to their organization, down significantly from 85% in 2016.

  • Only 53% of respondents knew of any changes to their companies’ cyber security systems in response to the high-profile attacks that took place in early 2017.

  • Growth in the purchase of cyber insurance has gone stagnant after a steady six-year increase from 35% to 65%.

“These findings may indicate that businesses are not up to speed on the magnitude of impact that business interruption losses are beginning to have on businesses,” said Erica Davis, head of Specialty E&O for Zurich North America.

Related: Emerging cyber risks

“Annually, the survey results are critical for understanding how businesses are thinking about cyber risk and what we need to do to help them protect themselves as we watch this issue continue to evolve.”

The cost of cyber threats

2017 saw a number of high-profile cyber attacks and data breaches. Data security losses compromised millions of consumers’ personal information, and increased malware and ransomware attacks shut down business network systems and disrupted business operations.

The report states that according to an annual IBM study, in the last year, the average cost of a cyber-related business interruption loss reached $3.7 million in the healthcare industry alone.

Despite these concerning trends, the Advisen report found that risk professionals view cyber-related business continuity risk less seriously than data integrity risk, even as business interruption costs increase and high profile business interruption attacks made headlines in 2017.

Related: Evolving cyber insurance coverage for phishing attacks

Cyber insurance purchasing trends

The survey analyzed companies’ cyber insurance purchasing behaviors as well, and found that just 10% of respondents identified business interruption as the primary reason for buying cyber insurance.

Over the last seven years, the number of companies buying cyber insurance has increased from 35% in 2011 to 65% in 2017, but for the first time this year, the number has gone stagnant.

Concerning researchers, these results indicate that businesses may not be staying up to date with cyber-related risks or the precautionary measures need to protect themselves against potential attacks. The report’s researchers suggest that, “Since business continuity events are growing in both frequency and severity, the insurance industry should further educate their clients on these exposures, provide access to pre- and post-incident resources, and offer products that meet the needs of their insureds.”

“Businesses must adopt a mindset of resilience that extends beyond the four walls of their organization,” Davis says. “As cyber security breaches persist, it is more critical than ever to engage in an ongoing, comprehensive review of all business partner relationships including how those vendors and business partners approach their own exposures and controls and how the vendors’ supplier approach fits into their overall resilience plan.”

Related: Cyber risk and reputation harm

Featured Video

Most Recent Videos

Video Library ››

Top Story

How video-enabled services are transforming the insurance industry

Over 70% of insurance professionals will deploy video-enabled services, according to new research from Vidyo and Efma.

Top Story

Identity theft takes the sparkle off of the holiday shopping season says new study

Cyber risks affect shopping patterns, according to Generali Global Assistance.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.