43% of mid-sized businesses have suffered this loss, but only 20% have coverage

While most firms will experience this loss, the majority are woefully underinsured and brokers have a duty to help.

Insurance News

By

More than one in four mid-sized businesses say they have experienced a data breach in the past three years, according to a new study from The Hartford. Yet, the Ponemon Institute reports that just one in five businesses have a current cyber liability policy in place.

The survey asked business owners and C-level executives of businesses with annual revenues of $10 million to $1 billion to answer questions about their priorities and concerns relating to data breach.

According to the results, 43% of businesses have experienced a recent data breach and 82% consider a data breach to be at least a minor risk to their business. Nearly one-third view it as a major risk.

Despite the prevalence of and concern over breaches, however, most businesses are underinsured. The Ponemon Institute reported in May that just 20% of businesses have cyber insurance.

That leaves a clear opening for independent insurance agents that can sell their commercial clients on the importance of proper protection.

“All types of businesses have networks and networks can be vulnerable to a breach. As we have seen in recent years, a breach involving a supplier or vendor can impact a business as much as a breach of its own IT systems,” said Joe Coray, vice president of The Hartford’s Technology & Life Science Practice. “Whether businesses are hosting their data internally or entrusting it to external business partners, it is important that they validate how their information is being secured.”

Unfortunately, while the cyber market is growing, some problems remain. According to Kevin Kalinich, leader of the global cyber risk practice for Aon Risk Solutions – which sponsored the Ponemon study – it is difficult to find policies with adequate limits.

“We are working with alternative markets because the traditional cyberinsurance markets run out of capacity between $200 million and $300 million,” Kalinich said.

Evaluating vendors’ IT security and data protection protocols is a key part of risk management for businesses, yet many fall behind in other, related ares. In fact, only 36% told The Hartford they consider a supplier’s contingency planning and 28% view a supplier’s location relative to their business as very important.

“Given what is at stake in terms of a company’s operations and reputation, evaluating a prospective supplier or vendor’s IT security and data protection protocols against current best practices should be a critical part of a company’s due diligence process,” he said.

The online survey received more than 500 respondents and had a margin of error of +/- 4.3% at the 95% confidence level.
 

Keep up with the latest news and events

Join our mailing list, it’s free!