If you estimated your business had a two-out-of-three chance of a break-in in the next year, what are the odds you wouldn’t take out liability insurance?
Having policy coverage when you’re confident an unexpected event will happen to your business is a no-brainer. But executives aren’t connecting those dots when it comes to cyber risk insurance.
A recent study from the Insurance Journal found that 61 percent of executives expect a breach in the next year, but 27 percent of those same individuals have no plans to take out a cyber insurance policy. This trend is also more prominent in the United States, where 50 percent of businesses have no cyber insurance policy, versus around 40 percent in the United Kingdom and Canada.
So what has executives nervous about protecting their data — arguably their most important asset? The study found companies want clarity when it comes to policy premiums and adjustments. Additionally, businesses want the insurance industry to come up with a standard for gauging cyber risk. But to do so, they might need to meet in the middle.
A Deloitte study found that it’s a lack of data that is scaring insurers from offering more enticing policies. They often have no history of cyber breaches to use as a baseline for cyber policies. The report asserts this is leading to a “vicious circle” of data-related obstacles. A small data pool leads to less confidence for underwriters, which results in modest policy limits, which in turn makes businesses wonder if it’s worth having insufficient coverage. And that all leads back to the root problem — insurers can’t get the data they need because they are having difficulties signing up clients.
The bigger problem is this: Companies don’t have the leisure of sitting on their data, hoping that they don’t fall victim to a data breach. Cybercrime is set to cost $6 trillion a year by 2021, making cyber insurance a must for businesses. But to make the most of taking out a policy, enterprises need to take a sober assessment of their current cyber risk and work with insurers to be transparent up front.
Cyber insurance is working for businesses that opt into it, especially at small companies with annual revenues less than $50 million. One study found that companies without insurance had costs up to 30 percent higher than those with insurance,
To quell insurers’ fears — and maintain strong cyber hygiene practices — businesses need to be cognizant that cyber insurance isn’t some panacea that’s going to magically make the negative effects of a breach disappear. Just like any other insurance policy, any sign of negligence to avoid a risk is a reason for an insurer to stop coverage. Getting cyber risk insurance is never a replacement for investing in technologies that will deter a major breach, maintaining a culture of awareness regarding malware and phishing attacks, and having an organization-wide plan for addressing a breach once one occurs.
The key to getting the most out of cyber insurance is getting businesses and insurers to share more information and meet in the middle to carve out a policy that is beneficial to both parties. With cybercriminals making a $3 profit for every $1 industry spends defending cybercrime, cyber insurance is a prime way to close that gap on risk without forcing companies to throw money at a problem that is constantly evolving.
Want more information on how to position your cybersecurity company in a competitive market? Contact Merritt Group, info@merrittgrp.com, today for more information!