Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, August 07, 2013

Concerns Over Cyber Security Risks Outweigh Traditional Risks for Large Firms: Study

The study, titled “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age” and conducted by Experian Data Breach Resolution and the Ponemon Institute, reported that 41 percent of large businesses (those with 500-plus employees) believe cyber security risks are greater than other insurable business risks such as natural disasters, business interruption and fires. Despite growing concerns over cyber security, the study also found that less than one-third of respondents (31 percent) have purchased cyber insurance coverage, according to the study, However, those firms that do not currently have insurance coverage – more than half of all survey respondents (57 percent) – indicated they plan to purchase cyber security coverage in the near future. Of the 56 percent of respondents that had breaches, the average cost of these incidents was reported at $9.4 million in the last 24 months.

“We are reaching a tipping point where the majority of companies we surveyed now rank cyber security risks as high as other major insurable business risks,” said Michael Bruemmer, vice president at Experian Data Breach Resolution.

Among those companies that had an incident in the past 24 months, 70 percent of respondents said the experience increased their interest in these policies.

However, those costs are only a fraction of the average maximum financial exposure that the companies surveyed (breached or not) believe they could suffer because of cyber incidents. Respondents quantified the average potential maximum financial risk of a data breach at $163 million, with some projecting more than $500 million in damages.

For those firms that chose to go without coverage, 43 percent indicated that it is because of the cost and too many exclusions, restrictions and uninsurable risks.

“Going through the process of evaluating cyber insurance for their company, 62 percent of the people said that they felt like their company was in a better state of readiness because of going through the process of evaluating cyber insurance, which means that just the preparation and awareness help to improve their level of capability for an incident response for a data breach,” said Bruemmer.


Posted on 08/07