Cybersecurity firm CYE has published a new study that highlights significant gaps in cyber risk management and the often-insufficient insurance coverage that organizations face in the aftermath of cyberattacks.
Titled “Inadequacies in Breach Insurance Coverage: A Data-Driven Gap Analysis”, the research notes that as digital threats continue to escalate, many companies have turned to cyber insurance as a protective measure against the financial devastation caused by data breaches.
However, the findings from CYE’s study, which utilized both external and internal data sources, paint a concerning picture: the coverage provided by existing cyber insurance policies frequently falls short of covering the full costs of cyber incidents.
The report details that 80% of insured companies experiencing a data breach had inadequate coverage. In addition, the average coverage gap was found to be 350%, indicating that over three-quarters of the incident costs were not covered by insurance. In extreme cases, the coverage gap reached as high as 3,000%.
The study also noted that sectors such as accommodation and food services, construction, transportation, and warehousing tend to have more adequate insurance coverage compared to sectors like finance and insurance, information, and manufacturing, where the gaps often exceed 100%.
CYE’s report also called for more precise cyber risk quantification (CRQ). Accurate CRQ assessments are crucial for organizations to understand potential damages and plan effectively, which not only aids in mitigating risks but also in optimizing cybersecurity budgets to prevent breaches altogether.
CYE noted that this approach is recommended to better align the coverage provided by cyber insurance with the actual costs of cyber incidents.
Nimrod Partush, vice president of data science at CYE, highlighted that while many organizations are aware of cyber risk, their comprehension of potential costs are not up to par.
“This study underscores how many companies rely on cyber insurance to cover the losses incurred as a result of cyber incidents and are then taken by surprise when they find that their insurance only covers a small portion,” Partush said.
What are your thoughts on this story? Please feel free to share your comments below.