Security Experts:

Firms Increasingly Interested in Cyber Insurance: Study

Companies in the United States, the United Kingdom and Germany are increasingly interested in taking out cyber insurance, according to a new study commissioned by insurance provider Hiscox.

The cyber security readiness study, which involved 3,000 businesses from the three countries, shows that 30% of companies in Germany, 36% in the U.K. and 55% in the U.S. already have cyber insurance. Roughly 30% of the firms that don’t have insurance plan on getting insured in the next 12 months.

The top reasons for taking out cyber insurance are related to the cost of a potential breach and the need for peace of mind, data security concerns, the possibility of customer action, and new data regulations. In roughly one-quarter of cases, cyber insurance is a legal requirement.

Reasons for taking out cyber insurance

More than half of the respondents reported being hit by at least one cyberattack in the last 12 months and the cost of dealing with an incident has been significant. On average, companies in the United States with over 1,000 employees said the largest cyber incident had cost them more than $100,000.

In the case of small U.S. firms, with less than 100 employees, the average cost was roughly $35,000. In the U.K. and Germany, organizations reported spending between approximately $32,000 and $67,000, respectively between $24,000 and $48,000, depending on their size.

The study shows that larger organizations are more likely to be interested in cyber insurance, and financial services is the most insurance-aware sector, with more than half of respondents already having cyber insurance.

Experts pointed out that Germany has been increasingly interested in cyber insurance since the attack on its parliament in 2015. Organizations in Europe are also looking for cyber insurance as a result of the EU’s new data protection regulations, which will take effect in 2018.

Of the companies that do not intend to get cyber insurance, many said the insurance policies are too complicated, they are not exactly sure what cyber insurance is, or they don’t trust the insurer to pay out in the event of an incident.

According to a report published by Allied Market Research (AMR) in December, the global cyber insurance market is expected to generate $14 billion by 2022, which represents a 28 percent increase from 2016.

In the meantime, some security companies have started providing alternatives to the traditional insurance services. San Francisco-based security consulting firm AsTech announced this week that it will be offering a $1 million warranty against breach-related costs if a customer is hacked as a result of a vulnerability that AsTech fails to discover. Endpoint security firm SentinelOne offered similar guarantees last year.

Related: Insurance Firm Directs Response in Madison County Ransomware Attack

Related: Cyber Insurance: Security Tool or Hype?

Related: The Hidden Strategic Advantage in Cyber Insurance

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.