NU Online News Service, May 3, 3:13 p.m. EDT
Companies are operating with a “false sense of security” when it comes to cyber attacks, according to a new survey from Towers Watson.
More than 160 risk managers from a variety of industries took part in the survey, which found 73 percent of companies have not purchased network-liability policies even though the threat of a cyber attack is increasingly real.
Larry Racioppo of Towers Watson’s executive-liability group says companies also have an “overreliance on their own [information-technology] organization.”
Of the companies that do not buy network-liability policies, 37 percent say their own IT departments are sufficient and 15 percent say that they aren’t concerned about the risk or that a risk transfer is too expensive.
“Risk managers need to take a broader look at how they can manage the risks associated with cyber attacks from a corporate, financial and reputational standpoint,” Racioppo adds in a statement.
About 60 percent of those companies that did purchase network-liability policies bought $10 million to $49.9 million limits, while 8 percent bought $50 million or more, the survey says.
Jeanne Oronzio Wermuth, senior technical specialist at insurance and employee-benefits brokerage The Graham Co., says word of big lawsuits is not following news of large breaches.
“It’ll take those first couple of big cases. The realization of potential liability hasn’t developed yet,” she says. Companies seem to understand the expenses related to notifying individuals of a cyber attack or breach, but not the liability side of things, Wermuth adds. That may be changing slowly.
Graham has sold “a number” of network-liability policies within the last year after not selling any when the coverage was first offered about five years ago.
“Companies think right now that they have it handled and that they are already covered,” she says, since there is the potential that there is some coverage under other policies, but not for every circumstance.
“Despite corporate controls, the number of cyber breaches continues to grow,” says Tracey Vispoli, senior vice president and worldwide cyber-liability manager for Chubb, in a statement. “The increased use of electronic health records, mobile devices, apps and social media offers cyber criminals new places to play. As cyber breaches expose more employees and consumers to identity theft, companies are wrestling with higher costs to contain and repair the financial and reputational damage.”
In a separate survey conducted by Opinion Research Corp. on behalf of Chubb, one in three Americans think businesses are not doing enough to protect them from identity theft, as well as workplace discrimination.
“This is more than just an IT issue,” Vispoli adds. “Although companies can help mitigate the risk by following best practices, they also need to have contingency plans in place before a data breach occurs.”