RIMS Cyber Survey 2015: 51% of members have stand-alone cyber insurance policies by Rosalie Donlon
Top three first-party exposures for risk managers are reputational harm, business interruption, and data breach response and notification
Every day the reports of cyber attacks become more alarming.
According to a federal employee union, as reported by AP, on June 11 the recent cyber attack of Office of Personnel Management data gave the hackers access to personal identifiable information about every government employee. No one can be sure what’s next, but one thing is for sure: risk managers have to be prepared for a cyber incident sooner rather than later.
To assess risk management strategies among its members, RIMS conducted its first cyber survey, asking about insurance investments, exposures, cyber security ownership and government involvement, as well as identification methods and response procedures.
The survey was answered by 284 of RIMS’ professional members in the United States. The majority of the survey respondents represented organizations with more than $1 Billion in revenue (58%), from a wide-range of industries, with most in manufacturing (16%) and financial services (13%).
Here are some key findings:
- 51% of respondents purchase stand-alone cyber insurance policies
- 58% of those with cyber insurance policies carry less than $20 million in cyber coverage, while 49% of those are paying more than $100,000 in premium
- 74% of those without cyber coverage are considering obtaining coverage in the next 12 to 24 months
- 77% of respondents credit Enterprise Risk Management (ERM) for identifying cyber risk
Source: RIMS Cyber Survey 2015
The top three first-party exposures reported are:
- Reputational harm (79%)
- Business interruption (78%)
- Data breach response and notification (73%)
Source: RIMS Cyber Survey 2015
“It seems like every day risk professionals are confronted by new cyber attacks and forced to take immediate action to protect their organizations before it’s too late,” said RIMS President Rick Roberts. “The key to successfully mitigating the impact of a cyber-breach—or even preventing one in the first place—is knowledge. RIMS Cyber Survey offers the global risk management community valuable insight, showing how organizations are trying to stay ahead of this top concern.”
Cyber coverage
The survey posed several questions related to cyber insurance coverage and risk transfer. When asked whether their organization transfers the risk of cyber exposure to a third party, 58% answered yes. Of the respondents, 51% said they had a stand-alone cyber insurance policy. Of that nearly 51%, only 8% answered yes when asked whether their purchase of cyber insurance was the result of contractual obligations.