As Cyber Concerns Broaden, Insurance Purchases Rise

April 1, 2015

Cyber-attacks are escalating in their frequency and intensity, and pose a growing threat to the business community as well as the national security of countries. High-profile cyber incidents in 2014 reflected the expanding spectrum of cyber threats – from point-of- sale (POS) breaches against customer accounts to targeted denial-of-service (DoS) attacks meant to disable a company’s network. Insureds in ever-larger numbers sought financial protection through insurance, buying coverage for losses from data breaches and due to business outages. In 2014, the number of U.S.-based Marsh clients purchasing standalone cyber insurance increased 32 percent over 2013, according to the report Benchmarking Trends: As Cyber Concerns Broaden, Insurance Purchases Rise, by Marsh USA. The cyber take-up rate – the percentage of existing Marsh financial and professional liability clients that purchased cyber insurance – rose to 16 percent, according to Marsh.

Healthcare and education clients had the highest cyber insurance take-up rates in 2014 at 50 percent and 32 percent, respectively, followed by hospitality and gaming (26 percent) and services (22 percent), according to the report. Other areas included the power and utilities sector, with 47-percent more clients buying standalone cyber coverage.

The reasons for purchasing cyber coverage varied, says Marsh – from board-mandates protecting reputations to mitigating potential revenue loss from cyber-induced interruptions of operations. Insurers responded to this demand by offering broader cyber insurance coverage in 2014, including coverage for contingent business interruption (CBI) and cyber-induced bodily injury and property damages.

Companies with revenue exceeding $1 billion purchased 22-percent higher cyber insurance limits on average in 2014 at $34.1 million compared to $27.8 million in 2013, says Marsh. Among these large firms, financial institutions again purchased the highest average limits, followed by power and utilities firms and communications, media and technology companies.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.