A third of business and public-sector organizations buy cyber insurance to help protect them financially against data breaches and other security exploits, according to a new Ponemon survey. According to a Network World report, the survey of 638 U.S. organizations shows that there is still a lot of skepticism on whether the insurance is worth the cost.

Another key finding is that the CIO and IT security divisions have only a small influence on whether to buy cyber insurance, while risk management, business leaders and chief financial officers have the final word, the article reports.

Forty-three percent of respondents say they don’t have plans to buy cyber insurance, mainly because the premiums are considered too expensive and there are “too many exclusions, restrictions and uninsurable risks.” Twenty-six percent of respondents admitted that their organizations “are unable to get insurance underwritten because of our current risk profile.”

Of those who have purchased cyber insurance, however, 30 percent said their companies had experienced a security exploit or data breach and had submitted a claim for losses. Many had also asked for assistance following a breach. Businesses that had submitted claims for cyber insurance expressed overall satisfaction (95 percent).