Most Businesses Have Cyber-Risk Insurance Gaps

In the survey, only seven percent of some 1,400 corporations interviewed knew they had a specific insurance policy that covers cyber risks. On the other hand, almost a third of the respondents thought they had coverage they actually lacked, while another 34 percent acknowledged they didn't have such coverage.

"Unfortunately, most companies are operating in a 21st century threat environment with 20th century insurance coverage. The dynamics of risk management have changed with technology," said John Spagnuolo, cyber expert at the I.I.I.

Most business insurance policies exclude damages caused by cyber-hacker crimes, Mr. Spagnuolo noted, but carriers have created insurance products to help cover this gap. These cyber risks, he explained, could potentially shut down a network, destroy vital data or steal customer information, causing millions of dollars in damage. For example, Mr. Spagnuolo pointed out that corporations are liable if their customers' personal information is compromised, but currently, only a small number of businesses are insured for this risk.

In this high-tech business environment, clients need to recognize the fact that cyber-security risks are fundamentally different from traditional physical risks like fire, said Mr. Spagnuolo.

"If a hacker or virus shuts down a network or destroys computer software or data, most businesses today have either limited or no coverage," he observed. "Insurers have excluded these risks from standard commercial policies and are now offering standalone coverage. Whether your company conducts business over the Internet, stores customer data on servers or simply uses e-mail, it is at risk."