50% of Risk Managers Bought or Increased Cyber Insurance in Last Year: HSB

May 18, 2016

Fifty percent of U.S. businesses have either purchased cyber insurance for the first time or increased their level of coverage in the last year, according to a survey of risk managers by The Hartford Steam Boiler Inspection and Insurance Co. (HSB).

At the same time, 30 percent of businesses do not have any level of cyber insurance coverage. The risk managers cite its perceived complexity (44 percent), lack of a sufficient threat (34 percent) and cost (22 percent) as the primary reasons for not buying coverage.

The cyber insurance market is evolving with carriers continuing to work out underwriting requirements, prompting some experts to characterize the market for cyber coverage as “volatile.”

But insurers see the market as having great potential. A report from insurer Allianz Global Corporate & Specialty predicted cyber insurance premiums will grow globally from $2 billion per year to more than $20 billion over the next decade.

The HSB survey, which was conducted with 102 risk managers at April’s RIMS conference, shows that most businesses have been affected by cyber attacks. Nine of 10 businesses experienced at least one hacking incident in the past year and the number of attacks increased 21 percent from 2015, according to the survey.

Sixty-four percent of risk managers say they have experienced more than six hacking incidents in the last year — up from 32 percent in 2015.

“Hackers are even more relentless,” said Eric Cernak, Cyber Practice leader for Munich Re, which owns HSB. “U.S. businesses are under constant assault.”

Risk managers say they are worried about the safety and security of Internet of Things (IoT) devices, with only 28 percent saying they are safe for business use. Despite these concerns, more than half (56 percent) of the businesses implemented or plan to implement such devices.

“As businesses use IoT devices to improve productivity and efficiency, they must think about the security costs,” said Cernak. “Hackers are always looking for ways to access company business systems and connected devices provide additional infiltration points. It’s important to control security features on these devices and monitor employee use.”

Primary concerns about cyber technology include the loss of confidential information (44 percent), government intrusion (27 percent) and service/business interruption (17 percent).

When asked about the risk management services they have deployed to combat cyber risk, risk managers point to encryption (44 percent; up from 25 percent in 2015); intrusion detection/penetration testing (28 percent; down from 32 percent) and employee education programs (12 percent; down from 25 percent).

Hartford Steam Boiler’s 2016 Cyber Poll was conducted by in-person interviews with 102 risk managers at the Risk and Insurance Management Society Conference (RIMS) in San Diego in April. The interviewed risk managers represented small (1-99 employees), mid- (100-999 employees) and large-sized (1,000+ employees) businesses in the following industries: manufacturing; financial and professional services; retail; technology; government and military; education and public entities; aerospace, defense and technology; and healthcare.

Source: HSB 2016 Cyber Poll
Related: