Demand for cyber, data privacy insurance surges

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.nevadaappeal.com/news/lahontanvalley/19414502-113/demand-for-cyber-data-privacy-insurance-surges#

In a recent study of 100 U.S. middle market companies and large
corporations, 85 percent say they have purchased cyber security and data
privacy insurance coverage to protect against financial loss, while nearly
half (44 percent) have already filed an insurance claim as a result of a
breach.

However, while more companies are purchasing cyber security and data
privacy insurance, some gaps still remain in incident response plans,
making those companies vulnerable to the financial consequences of a data
privacy incident, according to the study, which was commissioned by Wells
Fargo Insurance’s Technology, Privacy and Network Risk Practice.

Examining middle market companies and large corporations with $100 million
or more in annual revenue, the study looked at companies from a variety of
industries ranging from manufacturing to educational services.

It measured the companies’ current levels of readiness to respond to a
cyber security or data privacy incident, perceptions of their own security
and network vulnerabilities, and challenges faced when purchasing coverage.

“While companies recognize the need for cyber security and data privacy
insurance, purchasing coverage is not a complete solution.

It’s also important to recognize that other factors, including testing
incident response plans, employee awareness training, and following
established privacy policies, are all critical components of an overall
risk management program,” said Dena Cusick, national practice leader with
Wells Fargo Insurance’s Technology, Privacy and Network Risk National
Practice.

“We work with our customers to address any gaps and ensure they have a
robust and comprehensive network security solution that can best protect
their employees and business.”

Not surprisingly, the most common reasons given for purchasing this
specialized coverage were to protect the business against financial loss
(78 percent), protect shareholders (64 percent), and help prepare for data
privacy events (61 percent).

Of those that filed an insurance claim, 96 percent reported they were
satisfied with their coverage, how the claim was handled, and that their
policy had enough coverage for expenses and damages.

Despite the fact that many of these companies have purchased coverage, the
study identified key gaps in their cyber security programs:

• Companies are not testing their plans. Despite that most companies
surveyed have an incident response plan, one in five have not tested their
plan.

• Leaked data is the top cyber security and data privacy concern, yet one
in 10 companies does not have an existing incident response plan

• Some companies still need to develop and train their employees on data
protection and cyber security threats, and develop a corporate privacy
policy for all employees. Additionally, 12 percent of companies do not have
a corporate privacy policy, but of those that do have one, majority (90
percent) say they are in compliance with the policy.

For almost half of the companies that have cyber and data privacy
insurance, the biggest challenges they faced when purchasing the coverage
was finding a policy to adequately fit their company’s needs (47 percent)
or the cost (42 percent) — highlighting the need for an experienced broker
to help with this process.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!