Data Breach and Suppliers
With some four-out-of-10 mid-sized businesses having had a cyber breach in the past three years, it’s no wonder that the take up rate for cyber insurance is rising. And it’s expected to jump even further in the next 12-24 months.
According to a recent survey by The Hartford of midsize business owners and C-level executives, 43 percent of mid-sized businesses say they have experienced a data breach in the past three years and 13 percent have had a supplier’s data breach impact their business information. Most midsize business leaders (82 percent) consider a data breach at least a minor risk to their business, while nearly one-third (32 percent) view it as a major risk. A majority (53 percent) consider IT security and data protection practices “very important” when selecting a suppliers.
“All types of businesses have networks and networks can be vulnerable to a breach,” said Joe Coray, vice president of The Hartford’s Technology & Life Science Practice. “As we have seen in recent years, a breach involving a supplier or vendor can impact a business as much as a breach of its own IT systems. Whether businesses are hosting their data internally or entrusting it to external business partners, it is important that they validate how their information is being secured.”
Even so, only 36 percent consider a supplier’s contingency planning and 28 percent view a supplier’s location relative to their business as very important.
“Given what is at stake in terms of a company’s operations and reputation, evaluating a prospective supplier or vendor’s IT security and data protection protocols against current best practices should be a critical part of a company’s due diligence process,” said Coray.
Of those risk managers buying cyber insurance today, reputational harm (79 percent), business interruption (78 percent) and data breach response and notification costs (73 percent) are the chief exposures they are trying to address, revealed a new survey by the Risk Management Society (RIMS).
The RIMS survey also looked at cyber insurance buying practices and found:
- 51 percent of respondents purchase stand-alone cyber insurance policies.
- 58 percent of those with cyber insurance policies carry less than $20 million in cyber coverage, while 49 percent of those are paying over $100,000 in premium.
- 74 percent of those without cyber coverage are considering procuring coverage in the next 12-24 months.
- 77 percent of respondents credit enterprise risk management for identifying cyber risk.