Approximately 78 percent of risk managers now purchase some level of cyber insurance, up from 34 percent in 2011, according to the tenth year of the Zurich North America and Advisen Cyber Survey.
Of this record of 78 percent with some cyber coverage, 55 percent have a stand-alone policy, while 13 percent have coverage included in their professional liability and others in another insurance program.
The results “make it clear that cyber insurance is no longer a luxury item, even amid a hardening insurance market and the COVID-19 pandemic,” the survey authors wrote.
For the 12 percent that do not have cyber insurance or are not in the process of buying it, price and buy-in from the C-suite and IT professionals in their organizations are their biggest obstacles, according to the results.
When it comes to cyber insurance coverage expectations, 72 percent want coverage for “bricking” (when an electronic device becomes unusable following a cyberattack); contingent business interruption (72 percent) and system failure coverage (70 percent); funds transfer fraud/ social engineering (66 percent); internet media liability (63 percent) and reputational harm (60 percent).
The survey also shows that ransomware and business interruption are the top concerns of risk managers.
The survey indicates that 60 percent of respondents feel either “extremely prepared” or “prepared” to respond to a ransomware event. They also cite business interruption as the worst possible outcome of a ransomware event, followed by reputational harm.
Risk managers appear to see a link between their employees working from home and potential cyber events. They ranked “Employees unintentionally infecting the company’s network with malware” and “Employees unintentionally giving sensitive information to a third party via social engineering” as concerns.
“Unprecedented change in the world requires us to think differently and act with agility. This survey reveals that customer expectations are changing as their level sophistication about cyber risks have grown,” Michelle Chia, head of Professional Liability and Cyber for Zurich North America, said in prepared remarks.
“Risk managers increasingly are connecting the dots between high-profile cyberattacks, business interruption, and reputational risk – and they’re looking for coverage that protects their business at the right price,” she said.
Other findings of the 2020 survey:
- Most buyers (60 percent) responding to the survey still “rely significantly on recommendations from brokers and underwriters” in deciding on their cyber insurance programs. Less than a quarter (24 percent) are “heavily involved” in crafting the policy language and 22 percent say they buy an “off-the shelf” policy and add endorsements.
- Just over a third (35 percent) of respondents provide annual training for employees on cyber risks, while 24 percent conduct quarterly trainings.
- 81 percent of respondents have not changed what they spend on their cyber security.
The survey included a variety of industries, with finance, banking, and insurance having the highest representation, at 27 percent of the total. Other industries in the survey included manufacturing, healthcare, technology, educational institutions and nonprofits. Firms with between $1 billion and $10 billion in revenue comprised 30 percent of respondents and large businesses with more than $10 billion in revenue represented 16 percent, but 54 percent of respondents came from smaller and middle market companies with less than $1 billion in revenue.
*A version of this story ran previously in our sister publication Insurance Journal.