Cyber-related business interruptions are now a top concern among corporate risk managers, Zurich's 2019 Advisen Information Security and Cyber Risk Management report found. Moreover, this increased worry over cybersecurity is fueling change within the cyber insurance marketplace as customers' demands increase and expectations evolve, Zurich concludes. "The cyber insurance marketplace is expanding and maturing to meet the increasing demands of corporations concerned about the ever-evolving cyber risks," said Paul Horgan, head of U.S Commercial Insurance. "Businesses are not only buying more coverage, they are asking for innovative and robust solutions that address menacing new threats." In its ninth annual Advisen Information Security and Cyber Risk Management report released last week, Zurich details its findings from surveys of 350 corporate risk managers, insurance buyers and other risk professionals, in order to reveal current views about information security and cyber risk management. Several of the survey's key findings are detailed in the slideshow above.

Cyber survey findings analyzed

The Zurich survey found that respondents' increased concern and awareness of cyber threats is linked to increased news coverage of major data breaches in recent months and years. Choosing from a list of 11 possible outcomes of cyber risk events, 95% named data breach as the number one risk, followed closely by cyber-related business interruption at 94.5% and cyber extortion/ransom at 89%. Reflecting on the evolving demands and expectations of cyber insurance customers, Michelle Chia, head of Professional Liability and Cyber for Zurich North America explained in a statement that in the past, the most attractive targets were organizations with large databases of personally identifiable information that could be stolen and monetized on the Dark Web. Now, Chia says, "While that risk is still with us, criminals are expanding their target lists to include organizations that historically have not had large stores of salable data. The goal is to immediately cash in by taking control of a network until a ransom is paid. Cyber attacks are bad enough for private businesses, but they can be particularly damaging for municipalities, universities and others dependent on legacy systems that may be less well-defended or are infrequently updated." See also:

• The top business risks of 2019
• The greatest threats facing organizations, according to CEOs
• 'You've been hacked…'