Corporations’ Cyber Insurance Problem: Underprotected and Underinsured

When it comes to data breaches, why are corporations largely uninsured?

Nearly six in 10 small and medium-sized enterprises (SMEs) don’t have a cyber insurance policy, according to the new report “Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017,” a survey of 200 organizations in the U.S. and U.K. The study found that not only did 57 percent of SMEs lack a cyber insurance policy, but only one-quarter of these uninsured organizations said they were likely or very likely to purchase cyber insurance.

These organizations’ lack of interest in protecting themselves with insurance is troublesome. After all, 63 percent of the surveyed SMEs had suffered at least one cyber incident – such as a data breach, a spear-phishing attack, or a lost or stolen laptop – during the last 12 months.

Not surprisingly, the SMEs that understand they are prospective targets are more likely to make cyber insurance a key component of their cybersecurity arsenal. Almost six in 10 insured respondents viewed themselves as a target compared to 27 percent of those who were uninsured.

 

63 percent of all respondents have been the victims of a cyber incident during the last 12 months.

Today’s new normal: attacks, attacks and more attacks

Organizations that do not view themselves as a potential cyber target do not appreciate what it means to be a digital organization in today’s hyperconnected world.

Argo’s survey found that 63 percent of all respondents had been the victims of a cyber incident during the last 12 months. In fact, one in four respondents are blindsided by a phishing email, ransomware attack or other cyber incident at least once a month.

Smaller companies are less likely to be insured

The survey also interviewed brokers about clients and their cyber preparedness, types of cyber incidents, and attitudes toward cyber insurance.

The vast majority (81 percent) of the brokers said many of their clients don’t understand the importance of cyberthreats to their business, and they aren’t allocating sufficient resources to defend against them. This is particularly true of small SMEs.

Cyber insurance coverage also varies significantly by company size. The larger an SME is, the more likely it will have a policy. For instance, the Argo survey found that:

  • 27 percent of SMEs with annual revenues below $25 million had insurance.
  • 48 percent of SMEs with annual revenues between $25 million and $100 million had insurance.
  • 55 percent of SMEs with annual revenues between $100 million and $250 million had insurance.

Overall, large SMEs are twice as likely to protect their business with cyber insurance than small SMEs.

Insured customers are happy customers

The second leading reason that SMEs gave for not buying cyber insurance is cost. However, respondents that have insurance are overwhelmingly positive about their policy.

  • 87 percent of SMEs reported their insurance performed as expected.
  • 86 percent said their insurance covered the costs of their security breaches.
  • 67 percent were happy with their insurance and had no plans to change their provider until they review their policy in 12 months.

One area for improvement is the need for a faster response time to claims, a factor that was singled out by 32 percent of brokers.

Cyber insurance demand expected to grow despite hesitation

Read the full survey results to learn more about how businesses are approaching cyber security and how brokers are ensuring businesses have adequate coverage.

Respondents that have insurance are overwhelmingly positive about their policy.

Up Next

Life at Argo

Argo Employees Improve the World Around Them

Argo employees come together for a cause, collecting funds – and hair – to help sick kids, cancer patients and disadvantaged bike riders.

This website uses cookies to deliver tailored content to you, collect anonymous statistics and maintain login sessions.

You may decline our use of cookies in your browser; however, certain portions of this website may not function properly. Click here for our privacy policy and information.