Cyber Insurance May Fall Short of Cyberattack Costs

Cybersecurity firm CYE finds that 80% of insured companies lack sufficient coverage to cover the cost of data breaches.
By: | April 29, 2024
Topics: Cyber | News
cyber breach

The protection afforded by cyber insurance may fall significantly short of the actual costs incurred during cyber incidents, according to an analysis by cybersecurity firm CYE.

The report, leveraging both external and internal datasets, exposes critical coverage gaps that threaten organizational stability in the wake of cyberattacks.

The study reveals that a staggering 80% of insured companies that suffered a data breach did not have sufficient coverage to meet the costs of a breach.

The average coverage gap stands at 350%, meaning that the costs incurred from a breach were more than three times greater than the target’s insurance coverage. On average, the size of uncovered losses was $27.3 million, with the maximum coverage gap reaching an astounding 3,000% of the available insurance coverage in some cases.

The impact of these coverage gaps on revenue is substantial. When removing outliers — cases in which the cost of an event is greater than 1,000% of available cyber insurance — the coverage gap accounted for 2.9% of revenue on average. However, with outliers included, the coverage gap skyrockets to 42% on average.

Sectors like finance and insurance, information, and manufacturing are among the most affected, presenting well beyond a 100% gap in coverage on average. In contrast, “low tech” sectors such as accommodation and food services, construction, and transportation and warehousing are among the more adequately covered ones. This disparity can be attributed to the fact that companies in high-risk sectors have more digital assets and are more dependent on digital systems to operate, making them more vulnerable to costly breaches.

Inadequate cyber coverage poses a particularly high risk for small companies with less than $10M in revenue. For companies with less than $1 million in revenue, uncovered losses represent a staggering 90% of revenue on average. For companies with $1 million to $10 million in revenue, average uncovered losses total 180% of revenue.

“In cases of bootstrapped companies, with no large investments backing them, an uncovered breach can be a death blow that effectively ends company operations,” the report’s authors state. “These types of companies should exercise extreme caution with their cybersecurity hygiene or make sure they have sufficient coverage.”

In contrast, among companies with $100 million or more in revenues, while the scale of cyber breaches is often greater, the size of uncovered losses from a cyber event total 2% or less of revenues on average.

As the digital threat landscape continues to evolve, so must strategies for mitigating financial risks. “Accurate risk assessment and optimized mitigation emerge as indispensable tools in the arsenal against cyber threats,” emphasizes the study, highlighting the need for businesses to adapt and safeguard their assets against the ever-growing tide of digital threats.

By addressing coverage gaps and implementing robust risk assessment and mitigation strategies, organizations can enhance their resilience and protect themselves from the potentially devastating financial consequences of cyberattacks.

For more information on the survey, visit the CYE website. &

The R&I Editorial Team can be reached at [email protected].