Plugging the Discrepancy Between Cyber Insurance Coverage and Actual Risk

One of six 'best practices' highlighted by ESI ThoughtLab in a new report on Driving Cybersecurity Performance is simple: "Make more use of cybersecurity insurance to transfer risk." Use of cyberinsurance is growing, but the insurance industry believes it can be improved.


ESI ThoughtLab surveyed executives in more than 1,000 companies around the world in a report that was sponsored by a range of leading companies, such as Verizon, KnowBe4 and Check Point. It was also sponsored by cyberinsurance firm Cowbell Cyber. Cowbell has extracted and expanded the insurance elements of the ESI ThoughtLab report in relation to SMEs with less than $1 billion in revenue in the U.S.


The first thing to note in Cowbell's report (PDF) is that SMEs are adopting cyberinsurance as part of their resiliency planning at a faster rate (by 65% to 58%) than large enterprises. However, this may partly be because it is a requirement imposed upon them by their customers -- a requirement less likely to affect large enterprises. Thirty-five percent of SMEs buy cyberinsurance for this reason, while another 30% do so because of regulations requiring restitution to individuals and third parties. Whatever the cause, these companies are largely satisfied with the ROI of cyberinsurance, with only 3% dissatisfied.


Nevertheless, the figures suggest that 70% of the firms that have adopted cyberinsurance are underinsured. These firms have coverage of less than $1 million where Cowbell suggests the mean cost of a successful cyber-attack is £1.22 million. The industries most at risk of being underinsured are telecom, retail/hospitality, healthcare, and life sciences. Conversely, by the same yardstick, other industries could be considered to be overinsured -- with the media and professional sectors likely to be most overinsured.


The resulting disparity b ..
