The average cyber breach falls below most cyber insurance policy deductibles, a study conducted by insurance information and analytics company Advisen indicates.
According to the analysis, which was commissioned by ID Experts, most of the data breaches analyzed were small, consisting of about 500 records lost, with the median data breach at 100 records. The study also found that most cyber insurance policies are designed to cover for larger and costlier data breaches. About 90% of the study’s respondents said they have a deductible greater than $10,000 and 48% said their deductible is over $101,000.
Notably, the study also found that 70% of respondents said that they use internal resources to manage smaller breaches.
“There’s a lot of misconceptions around cyber security insurance -- what it does, what it could do,” said SANS director of emerging security trends John Pescatore. “The survey brought out a lot of the reality of [cyber insurance’s] limited role.”
ID Experts director of breach services Jeremy Henley believes that carriers need to be more involved in data breach incidents, but he knows that not all companies are willing to disclose such attacks since they do not want to deal with the resulting increased premiums.
Henley noted that clients could try to establish a “comfort level” with their carriers so that the insurers can provide helpful advice and services to potentially mitigate the costs of smaller breaches. He also noted that many of the smaller breaches as of late are related to W2 forms, as the tax season approaches.
