77% of Large to Mid-size U.S. Companies Will Have Cyber Insurance in the Next Year: Munich Re

Cyber coverageForty-two percent of risk managers in the U.S. plan to increase their level of cyber insurance or purchase cyber insurance for the first time in the coming year, according to a survey by Munich Re, one of the world's leading reinsurers. Likewise, 77 percent of companies intend to have some level of cyber insurance coverage in place in the next 12 months. The survey of risk managers was conducted at the Annual Conference of the Risk and Insurance Management Society (RIMS), held April 27-30 in Denver.

Source: Source: Munich Re America | Published on June 4, 2014

Among the more than 100 risk managers surveyed, the vast majority (82 percent) feel there are suitable and adequate cyber insurance policies available to meet their needs. Of the 23% that do not plan to purchase cyber insurance, five out of six feel that current insurance offerings do not meet their needs or would not be relevant for their business.

"Risk managers recognize that there is an increasing possibility that their company will experience a breach or loss of data, regardless of the steps they take to secure this data," said Gerry Finley, Senior Vice President, Casualty Underwriting, Underwriting Services, Munich Re America.  "They understand  that having financial protection is an important component of managing this increasing risk."  

Prevention is Key
As companies look to manage their cyber risk exposure, 42 percent of risk professionals state that conducting regular network penetration tests or security audits is the best way to mitigate risk.  Additional risk mitigation tactics include:

  • Hiring trained security personnel to handle the cyber exposure (16 percent)
  • Conducting automated/centralized security patch updates (15 percent)
  • Outsourcing IT applications and data warehousing (12 percent)
  • Ensuring acceptable use of policies and procedures (9 percent)
  • Purchasing insurance (7 percent)

"For businesses, it's far easier and less expensive to prevent a cyber-related loss than to recover from one," said Eric Cernak, Vice President of Hartford Steam Boiler, a subsidiary of Munich Re which works with companies to address data risks. "Regular network penetration tests along with automated security patches should be a key component of a company's risk mitigation plan.  These actions greatly reduce the probability of incurring loss due to a cyber incident."  

Moving to the Cloud
Forty-three percent of risk managers are reluctant to use or increase their use of cloud software because of data security risks. Among those individuals, hacking was a top concern when it comes to putting data in the cloud (29 percent), followed by theft of data (25 percent), loss of control over data (22 percent), loss of data (13 percent) and loss of access to data (11 percent).  

"We were surprised that the number of risk managers reluctant to use or increase their use of the cloud computing was not higher," Tim Zeilman, vice president of Hartford Steam Boiler, said.  "This seems to indicate that large and mid-sized companies are becoming more comfortable with cloud solutions."

The complete survey results are included at the end of this document.

Methodology
The study was conducted on-site at the Risk and Insurance Management Society Conference (RIMS) in Denver, Colorado from April 27 - 30, 2014, and is intended to represent the sentiments of 100 risk manager attendees who participated in in-person interviews, primarily from large and mid-size companies.