Digitalisation brings new risks for organisations. But despite heightened awareness of the threat landscape, many still aren’t taking action to insure themselves against an attack. Why are so many businesses either still unaware of what cyber insurance can offer them or eschewing it altogether?
Companies admit to lacking protection
In this report from Munich Re - which surveyed 7,000 participants from 14 countries - 83% admitted their company is not adequately protected from threats, while many vastly underestimate the impact of an attack on their business.
Concerns are inconsistent
56% of C-level executives in the US fear a potential cyber attack on their company, rising to 66% in the UK - while in India, 92% highlighted concern.
A worrying statistic is that 39% of respondents from small businesses are not (“or only somewhat”) concerned about the risk of attacks. But SMEs naturally have fewer resources to hand than larger organisations and are ultimately more vulnerable - and more likely to become victims.
Cyber insurance adoption is maturing
Since the last survey undertaken by Munich Re in 2021, there has been a 21% increase in companies taking out a cyber insurance policy, highlighting a maturing market. But many respondents still had no intention of doing so, and 25% didn’t know cyber insurance was even an option.
Cyber insurance companies need to ensure they are clearly outlining their benefits to businesses. As the average loss figures evidence, the cost of insurance is much preferable to that of an attack. Insurers need to demonstrate this to potential clients.
However, insurers will need to know that businesses are taking all possible steps to protect themselves before writing a policy - there is a need for standardised, transparent requirements.
Cyber insurance in private life
The report also looked at how worried individuals are about threats - 90% are at least somewhat concerned about the impact of a cyber attack on their private lives, and over half have already fallen victim. Despite this, only a third have considered taking out a personal cyber insurance policy, suggesting that people are more willing to accept what they believe will be minor consequences.
Why does this matter for businesses?
Although most organisations are concerned about cyberattacks, many have not taken out cyber insurance policies.
Cyber insurance can help transfer residual risk, but it is no panacea.
Before companies can purchase cyber insurance, they will need to demonstrate that they have undertaken an appropriate risk assessment and put effective security measures in place to boost their cyber resilience.