Thirteen percent of respondents to A.M. Best’s Fall 2014 Insurance Industry Survey admitted that their companies had been the targets of data breaches or cyber attacks.

Larger companies appear much more likely to experience a cyber attack, with 22.2 percent of those in the $500 million-to-$1 billion range and 44.3 percent of those with more than $1 billion in surplus saying they were affected by an attack.

As far as available coverage, however, only 10 percent of respondents said they offer a dedicated cyber security policy, and another 10 percent bundle coverage with errors and omissions, business interruption and general liability policies. The remaining respondents either do not provide cyber security insurance or were noncommittal.

When it comes to cyber-risk management, the majority of respondents (61 percent) place the responsibility of managing cyber security risks with their information technology departments. Only 2 percent have dedicated cyber security departments, while others rely on enterprise risk management programs to manage the risks. More than 14 percent of respondents skipped the question, indicating they may not know where such responsibility resides, said A.M. Best.

Source: A.M. Best