Zurich North America Insurance, together with insurance data provider Advisen, has released the results of its latest cyber survey of corporate risk managers and insurance buyers, which found that cyber risk management across organizations continues to gradually improve.
The tenth annual Advisen cyber survey featured the highest percentage of cyber insurance buyers since its inception – nearly 80% of surveyed corporate risk managers and insurance buyers carry some level of cyber insurance, while 55% of respondents said that they have cyber coverage through a standalone policy.
Zurich North America noted that the take-up rate for cyber insurance has steadily increased since 2011, when the survey first launched. Back then, only 34% of respondents bought some type of cyber coverage.
Other key findings of the survey included:
- Business interruption is considered the worst outcome of a ransomware event by 43% of respondents, followed by reputational harm at 29%. By comparison, loss of data (15%) and loss of funds/paying the ransomware (11%) were viewed as “less impactful.”
- Sixty per cent (60%) of respondents feel that they are either “extremely prepared” or “prepared” to respond to a ransomware event; 33% feel “somewhat prepared”.
- Thirty-five per cent (35%) of respondents provide annual training for employees on cyber risks, while 24% conduct quarterly trainings.
- Thirty per cent (30%) of respondents only assess their company’s exposure to cyber risks on an annual basis.
- Eighty-one per cent (81%) of respondents have not changed their cyber security spend, despite the financial constraints caused by COVID-19 – this lack of change marks a “positive sign,” Zurich commented.
“Unprecedented change in the world requires us to think differently and act with agility. This survey reveals that customer expectations are changing as their level of sophistication about cyber risks have grown,” said Zurich North America head of professional liability and cyber Michelle Chia.
Chia noted that risk managers “increasingly are connecting the dots between high-profile cyberattacks, business interruption, and reputational risk,” and they are seeking coverage that protects their organizations for the right price.