Cyber insurance is still a priority for risk professionals and stand-alone policies continue to gain international prominence, according to the 2017 RIMS Cyber Survey.
The survey’s 288 respondents represented industries ranging from financial services, government and non-profit and manufacturing to retail, health care and more.
Based on survey insights it is clear that cyber exposure is a primary concern, with nearly half of respondents confirming they are spending more now than they did last year to protect against it. The most alarming elements of risk continue to include business interruption and its consequent expenses, reputational harm, and notification and response costs. In light of recent ransomware attacks, 72% indicated that cyber extortion is also an important and growing first-party exposure their organizations are facing—a 9% increase from 2016.
Key findings from this year’s RIMS Cyber Survey include:
- Organizations with a stand-alone cyber insurance policy increased 3% (to 83%) from 2016.
- Of the organizations without a stand-alone cyber policy, 84% indicated that other insurance policies include cyber liability coverage.
- Nearly three-quarters (72%) of respondents transfer cyber exposures to a third-party (up 3% from 2016).
- Only 34% of respondents thought that the government should mandate cybersecurity standards.
With 61% of respondents considering purchasing cyber coverage in the next two years, it is likely the industry will continue to see slow-but-steady growth. But with 83% of respondents reporting that their companies have stand-alone cyber insurance policies, up 3% from 2016, the survey suggests that the market for these policies may be nearing maturity.
“At any given moment, cyber predators can unleash a new hack to infiltrate an organization’s system, steal or lock critical data and cause significant business interruption damages,” said RIMS President Nowell Seaman. “RIMS Cyber Survey shows that risk professionals continue to invest in cyber insurance products and must work in tandem with their insurers and IT professionals to help develop innovative and adaptable solutions for the next generation of cyber threats.”