Cyber exposure underestimated as just 15% of PML covered by insurance
Written by staff reporter
Organisations spend four times more on physical risks than they do on information assets, according to a new report carried out by the Ponemon Institute and Aon.
According to the 2017 EMEA Cyber Risk Transfer Comparison Report, this is in spite of a growing recognition of the value of technology and data assets relative to historical tangible assets. Some 38% of EMEA businesses have suffered a cyber-related loss in the last 24 months, averaging US$3.3m per loss; yet only 15% of their probable maximum loss (PML) is covered by insurance. This is in stark contrast to the policy limits purchased against physical assets, where around 60% of PML is typically covered. The report also shows that the impact of business disruption to information assets is 50% greater than to physical assets.
“Our goal is to compare the financial statement impact of tangible property and network risk exposure,” said Dr. Larry Ponemon. “A better understanding of the relative financial statement impact will assist organisations in allocating resources and determining the appropriate amount of risk transfer resources to allocate to the mitigation of network risk exposures.”
Vanessa Leemans, COO for Global Cyber Insurance Solutions at Aon, commented: “This study compared the relative insurance protection of certain tangible versus intangible assets. We found that most organizations spend much more on fire insurance premiums than on cyber insurance, despite stating in their publicly disclosed documents that a majority of the organization’s value is attributed to intangible assets.”
The report also found that only 30% of businesses are “fully aware” of the legal and economic consequences of the European Union General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018 and introduces a 72-hour notification for all personal data breaches – except those unlikely to pose a risk to individuals. Fines for non-compliance with the GDPR will increase to as much as €20m or 4% of an organization’s global turnover (whichever is higher). Insurance carriers are starting to see an increase in demand for cyber coverage as cyber exposure awareness becomes an enterprise-wide issue.