Cyber-Related Ransomware and Business Interruption Top Concerns of Risk Managers

Zurich North America Insurance and Advisen Ltd. has released the tenth annual Advisen cyber survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management. This year's survey features the highest percentage of cyber insurance buyers ever – nearly 80 percent carry some level of cyber insurance (55 percent of respondents with cyber coverage have a stand-alone policy). This take-up rate for cyber insurance has steadily climbed since 2011, the first year of the survey, when just 34 percent of respondents bought some type of cyber coverage.

Source: Zurich-Advisen | Published on October 20, 2020

Hacker using laptop. Hacking the Internet.

Key findings of the 2020 survey include:

  • Business interruption is viewed as the worst outcome of a ransomware event by 43 percent of respondents; reputational harm was cited as the second-worst outcome by 29 percent, and other outcomes such as loss of data (15 percent) and loss of funds/paying the ransomware (11 percent) were viewed as far less impactful.
  • Sixty percent of respondents feel either "extremely prepared" or "prepared" to respond to a ransomware event, while 33 percent feel "somewhat prepared."
  • Just over a third (35 percent) of respondents provide annual training for employees on cyber risks, while 24 percent conduct quarterly trainings.
  • Similarly, 30 percent of respondents only assess their company's exposure to cyber risks on an annual basis, indicating potential gaps in security.
  • Eighty-one percent of respondents have not changed their cyber security spend, despite financial constraints due to COVID-19. Last year's survey revealed boosting cyber security budgets as a priority and the lack of change amid the pandemic marks a positive sign.

"Unprecedented change in the world requires us to think differently and act with agility. This survey reveals that customer expectations are changing as their level sophistication about cyber risks have grown," said Michelle Chia, Head of Professional Liability and Cyber for Zurich North America. "Risk managers increasingly are connecting the dots between high-profile cyberattacks, business interruption, and reputational risk – and they're looking for coverage that protects their business at the right price."

Zurich will discuss the key findings, analysis and conclusions during this week's Advisen's Virtual Cyber Risk Insights Conference New York. Free registration for the virtual conference is available at https://ev2.perigonlive.com/7-evt16b6ec22bb0f4e70957dc91887162b4e.

For 10 consecutive years, Zurich North America and Advisen Ltd. have collaborated on a survey designed to gain insight into the current state of and ongoing trends in cyber risk management and insurance.

The results reflect more than 400 respondents representing risks managers, insurance buyers and other risk professionals covering both large and small companies around the world. Finance, banking and insurance industries are the most highly represented. Businesses of all sizes responded to this year's survey. Firms with between $1 billion and $10 billion in revenue comprised 30 percent. Large businesses with more than $10 billion in revenue represented 16 percent, but the majority of respondents came from smaller and middle market companies (less than $1 billion in revenue) at 54 percent.

Interested parties can link to the complete survey results Information Security and Cyber risk Management: The tenth annual survey on the current state of and trends in information security and cyber risk management.

More information about Zurich's cybersecurity solutions can be found at https://www.zurichna.com/en/industries/technology/secpriv