Cyber Insurance Market Grows, But Adoption of Risk Management Services Lags
Cyber insurance is increasingly seen as a crucial tool in managing cyber risk, with 72% of surveyed risk professionals and insurance buyers purchasing standalone policies, yet opportunities remain for insurers to improve client resilience beyond risk transfer, according to a recent survey by QBE North America and Zywave.
The cyber insurance market has experienced tremendous growth in recent years, driven by the unfortunate reality of the high rate of cyber incidents impacting organizations, according to the survey report.
The survey found that over 60% of respondents had experienced a cyber event, highlighting the pervasive threat of cyberattacks that can lead to data loss, compromise, and significant business disruptions. Yet only 36% of those respondents actually filed a cyber insurance claim, with the remainder either not having coverage at the time of the event or facing costs that fell below their policy’s deductible, the survey found.
As cyber risk has increased, cost has become less of a barrier to purchasing cyber insurance. When asked about challenges in managing organizational cyber risk, the cost of cyber insurance ranked fourth, behind higher-priority issues like the cost of cybersecurity systems and services and the availability of qualified IT staff. This suggests that organizations increasingly view cyber insurance as a necessary investment as part of their overall cybersecurity strategy, the report stated.
When cyber incidents do occur and claims are filed, survey respondents reported largely positive interactions with their insurers. Nearly half, 47.8%, said their insurer “handled their claim quickly, efficiently and with an eye toward excellent service,” while only 6% indicated their needs were not met.
“The chief complaints by the survey respondents regarding the claims process were the length of the claim resolution process, a lack of communication and the tone of interactions,” the report noted.
Beyond the crucial risk transfer that cyber insurance provides, 83.5% respondents pointed to breach response services and 73.4% cited incident response planning as the most valuable features of their policies.
However, the survey found that many risk professionals may be overlooking a wide range of other value-added coverages and services often included in cyber insurance offerings, from employee training to threat intelligence and security assessments. Nearly a third of respondents, 32.5%, said they were not aware of any free risk management services provided with their cyber insurance policy.
This presents an opportunity for insurers and brokers to better communicate the full scope of the cyber risk management tools they can provide, according to QBE and Zywave.
Engaging C-suite executives and board members more frequently in cyber risk discussions also emerged as an important need.
While CXOs and boards play significant roles in an organization’s cybersecurity, their familiarity with cyber insurance varies considerably.
According to the survey, “Nearly 50% of respondents said their boards are ‘somewhat familiar’ with the cyber insurance policy and services, less than 20% are ‘extremely familiar’ with the policy and services, and 16% are ‘not at all familiar.'” Given these different levels of awareness, insurers and brokers have an opportunity to articulate the value of both the risk transfer and risk management features of cyber policies to key decision-makers.
Finally, the survey illuminates the desire among cyber risk professionals for more education on cyber threats, risk quantification, and anonymized claims information to better understand potential impacts of cyber risks.
The top reason that respondents want to interact with their cyber insurance carrier was to report cyber incidents or breaches for coverage and assistance, 64.6%, followed by reviewing and updating the current cyber insurance terms and coverage, 59.1%, and discussing industry trends and best practices, 53.6%.
View the full survey here. &