Cyber insurance still leaves breach victims out of pocket

by |
New research by a leading insurance analytics and information service has suggested that businesses with cyber coverage are still left out of pocket when it comes to a data breach.

The research from Advisen and ID Experts has found that “the vast majority” of cyber breaches fall below cyber insurance deductibles leaving businesses with costs.

Entitled, Mitigating the Inevitable: How organisations manage data breach exposures, the survey of more than 200 risk professionals found that 25% of respondents suffered a data breach over the last 12 months that fell 91-100% below their deductibles.

“In fact, of the respondents who purchase cyber insurance and have identified a data breach in the previous twelve months, nearly all fell below their deductibles,” the report states.

“While cyber coverage is increasingly viewed as an essential part of many corporate insurance programs, it is designed to protect against low frequency but high severity occurrences.”

The report notes that, as cyber is a relatively new form of coverage, organisations are still grappling with its application and their own cyber security concerns.

“Cyber insurance is a relatively new coverage and the number of claims filed is comparatively few compared with more mature lines of business,” the report continues. “But in reality, even if a data breach is large enough to trigger coverage under a cyber insurance policy, organisations will still often be required to assume some of the financial burden.

“For example, the cost of the breach could have exceeded the amount of coverage purchased, or the losses could have fallen under one of the policies exclusions such as intellectual property, infrastructure, and/or reputational loss.”

The report backs cyber coverage as a helpful tool in the fight against cyber attacks as the coverage often includes benefits that businesses can use in response to breaches pointing to the importance of these value-adds when dealing with the cover.

“In addition to loss indemnification, cyber policies also provide access to a variety of tools and services such as risk assessment tools, data breach incident response plans, and educational resources, to help manage cyber security risks,” the report states.

“Seventy percent of respondents said that their policy offers free tools to help manage their cybersecurity risks. Forty-four percent of the respondents said they have used them.”