A report recently published by the Ponemon Institute found that while organizations believe that their cyber assets are more valuable than plant, property and equipment assets (PP&E), they still spend four times more budget on securing insurance for the latter risks.
The
Aon-sponsored annual study, entitled
2017 Cyber Risk Transfer Comparison Global Report, discovered that organizations valued cyber assets 14% more than PP&E assets. It was also found that participants quantified probable maximum loss from cyber assets 27% higher than that of PP&E.
Learn more about cyber insurance here.
Despite these beliefs, many of the survey participants believe cyber insurance is inadequate for the needs of their organization and has too many policy exclusions to be useful.
“This unique cyber study found a serious disconnect in risk management,” Ponemon Institute chairman and founder Dr. Larry Ponemon said. “What's interesting is that the majority of companies cover plant, property and equipment losses, insuring an average of 59% and self-insuring 28%. Cyber is almost the opposite, as companies are insuring an average of 15% and self-insuring 59%.”
The disconnect could not be more apparent as more and more organizations become victims of cyber-attacks.
Forty-six per cent (46%) of the report’s respondents reported a data breach in the last two years, with the average financial impact totaling US$3.6 million. The report surmised that the greatest threats these organizations face – based on data breaches and security exploits experienced by the surveyed – are business process failures that cause disruption to operations and cyber-attacks that cause disruption to both business and IT operations.
“This study compared the relative insurance protection of certain tangible versus intangible assets,” commented Aon Risk Solutions cyber/network global practice leader Kevin Kalinich. “We have found that most organizations spend multiples more premium for fire insurance, for example, than for cyber insurance, even though they state in their publicly disclosed documents that a majority of the organization’s value is attributed to intangible assets.”
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
The report concludes that although cyber risk is a top concern for many businesses – businesses that actually go out their way to implement formal assessments to properly identify and measure their cyber risk – they do not properly manage the risk on a relative basis versus other growing assets and risk.
Related stories:
Aon sheds light on biggest risks facing companies worldwide
Global insurance industry likely to see growth in 2018: Report