The majority of large companies lack cyber insurance even if business interruption costs due to data breach is the top cyber risk concern for firms across all industries, according to a new study by Aon Global Risk Consulting.
The risk management provider has released its 2016 Captive Cyber Survey report which shows that 61% of survey respondents buy cyber limits ranging from $10 million to 25 million. Overall, however, 60% of large companies do not buy cyber insurance.
“Our findings also indicate that there is a disparity between companies recognising that cyber is one of the fastest growing and permeating risks, and actually understanding what their individual exposures and coverage needs are,” said Peter Mullen, Aon captive and insurance management practice CEO.
The survey also found that only 25% of respondents who buy cyber limits are confident that they comply with international best practices and standards for information security governance.
“Given the evolving nature and complexity of cyber exposures, we found that the use of cyber risk assessments is surprisingly low,” said Kevin Kalinich, Aon Risk Solutions global practice leader for cyber/network risk.
To close the gap between a company’s cyber risk awareness and low use of risk assessment, businesses are looking at insurance captives, according to Mullen, who spearheaded the new Aon study.
“Captives are a great alternative risk transfer solution for bridging this gap while the industry’s approach to cyber risk management catches up to the evolving pace of technology,” he said.
The Aon survey findings indicate that 94% of companies would share risk with others in their industry as part of a captive facility writing cyber.
Aon also expects alternative risk transfer options to become increasingly sought after as these solutions give companies some control over underwriting, coverage scope and claims adjustment.