Companies Let Most Technology Assets Go Unprotected: Aon/Ponemon

May 12, 2015

Cyber is one of the fastest growing risks for companies across the globe, and information technology assets are often as valuable as property assets, yet companies are only protecting 12 percent of those assets compared to 51 percent of tangible property assets.

Put another way, information technology assets are 39 percent more exposed than property assets on a relative value to insurance protection basis, according to the 2015 Global Cyber Impact Report from the research firm Ponemon Institute that was sponsored by insurance broker Aon plc.

“The perception of the risk is interesting. It’s clear that there is a risk and losses can be anticipated, but organizations are not insuring against the risk,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

The survey also found that 52 percent of respondents believe their companies’ exposure to cyber risk will increase over the next two years.

Kevin Kalinich, global practice leader for cyber/network risk at Aon Risk Solutions, said the survey is unique as it focused on the relative financial statement impact of cyber incidents compared to tangible asset vulnerabilities.

“The explosion of cloud computing, mobile devices, big data analytics and the Internet of Things is creating enterprise risk management issues that are rapidly growing with the increased use of information assets and technology,” Kalinich said. “Companies large and small are advised to consider cyber threats in this perspective.”

The report’s findings should help risk managers take a broader look at their organization’s overall risk profile to help establish comprehensive insurance coverage is in place compared to the impact of each risk on the organization, said Kalinich.

Ponemon surveyed more than 2,200 companies in nearly 40 countries.

Additional findings:

  • Fifty percent of respondents say their company would disclose the loss of property, plant and equipment in its financial statements. However, 34 percent of respondents say information asset losses do not require disclosure.
  • Nineteen percent of respondents say their company has cyber insurance coverage.
  • Thirty-seven percent of companies surveyed experienced a material or significantly disruptive security exploit or data breach one or more times during the past two years and the average economic impact of the event was $2.1 million.
  • Five years from now the projected growth in the use of internet-connected devices will grow from 10 to 50 billion.

Source: Aon/Ponemon

Related: