Zurich Insurance’s annual Advisen Cyber survey showed that, for the first time in the survey’s seven-year history, there has been a significant decline in how seriously C-suites and business executives view cyber risk, even as the nature of cyber attacks and risks have evolved.
The report highlights three key findings:
- In 2017, 60% of the risk professionals surveyed said executive management view cyberrisk as a significant threat to their organization, down significantly from 85% in 2016.
- Only 53% of respondents knew of any changes to their companies’ cybersecurity systems in response to the high-profile attacks that took place in early 2017.
- Growth in the purchase of cyber insurance has gone stagnant after a steady increase from 35% to 65% over the past six years.
“These findings may indicate that businesses are not up to speed on the magnitude of impact that business interruption losses are beginning to have on businesses,” said Erica Davis, head of specialty E&O for Zurich North America.
“Annually, the survey results are critical for understanding how businesses are thinking about cyber risk and what we need to do to help them protect themselves as we watch this issue continue to evolve,” Davis said.
The cost of cyber threats
2017 saw a number of high-profile cyber attacks and data breaches. Data security losses compromised millions of consumers’ personal information, and increased malware and ransomware attacks shut down business network systems and disrupted business operations.
The report states that according to an annual IBM study, in the last year, the average cost of a cyber-related business interruption loss reached $3.7 million in the healthcare industry alone.
Despite these concerning trends, the Advisen report found that risk professionals view cyber-related business continuity risk less seriously than data integrity risk, even as business interruption costs increase and high profile business interruption attacks made headlines in 2017.
Cyber insurance purchasing trends
The survey analyzed companies’ cyber insurance purchasing behaviors as well, and found that just 10% of respondents identified business interruption as the primary reason for buying cyber insurance.
Over the last seven years, the number of companies buying cyber insurance has increased from 35% in 2011 to 65% in 2017, but for the first time this year, the number has gone stagnant.
Concerning researchers, these results indicate that businesses may not be staying up to date with cyber-related risks or the precautionary measures need to protect themselves against potential attacks. The report’s researchers suggest that, “Since business continuity events are growing in both frequency and severity, the insurance industry should further educate their clients on these exposures, provide access to pre- and post-incident resources, and offer products that meet the needs of their insureds.”
“Businesses must adopt a mindset of resilience that extends beyond the four walls of their organization,” Davis said. “As cyber security breaches persist, it is more critical than ever to engage in an ongoing, comprehensive review of all business partner relationships including how those vendors and business partners approach their own exposures and controls and how the vendors’ supplier approach fits into their overall resilience plan.”
Zurich’s 2017 Information Security and Cyber Risk Management survey identified and analyzed the trends and current state of cyber risk based on responses from 315 risk professionals. The study is designed to provide a benchmark for future cyber risk preparedness and response strategies.