Every day you can read at least one news story about a company whose data was hacked or whose personally identifiable information was compromised. With all the attention given to cyber incidents and the number of cyber security products available, you’d think that hacking incidents would be decreasing.

But a study of business risk managers released June 4 by The Hartford Steam Boiler Inspection and Insurance Co. (HSB), part of Munich Re, found close to 70% of businesses were hacked at least once in the last year. The study also found that more than half (55%) of the risk managers surveyed don’t believe their company is dedicating enough money or trained and experienced personnel to combat the latest hacking techniques.

“Hackers have evolved and so have their methods of attack,” said Eric Cernak, cyber practice leader for Munich Re. “Businesses are on high alert, but they can do a lot better. Simply reacting to new threats is not enough. Businesses of all sizes need to anticipate hacking trends and deploy the resources necessary to protect their private or sensitive information.”

The organizations represented by the risk managers responding the HSB’s survey included 63% at large enterprises, 30% at mid-sized organizations and 7% at small businesses.

Other key findings

Hartford Steam Boiler’s 2015 Cyber Poll, conducted on-site at the Risk and Insurance Management Society Conference (RIMS) in New Orleans in April, also found that:

  • The use of cloud technology, and the resulting exposure, was a major concern for the risk managers. Loss of confidentiality of information is viewed as the biggest risk by 76%, followed by service interruption by 16% and government intrusion by 5%.
  • The risk managers also had concerns about the type of information being breached, ranging from personally identifiable information (53%) to sensitive corporate information (33%) to financial information (14%).
  • Intrusion detection/penetration testing is the most prevalent type of risk management services that 32% of risk managers would be most interested in deploying to combat cyber risk, followed by employee education programs (25%) and encryption (25%).

When asked about cyber insurance, 46% said their business has either purchased cyber insurance for the first time or increased its level of coverage in the last year. But the survey also found that 36% of businesses don’t have any level of cyber insurance coverage.

This situation presents an opportunity for agents and brokers to educate their clients about the need for such coverage, which can be added to a company’s existing policies. It also represents an opportunity for agents and brokers to reach potential new clients.

The poll is intended to represent the sentiments of 102 risk manager attendees who participated through in-person interviews, and represented small (1-99 employees), mid- (100-999 employees) and large-sized (1,000+ employees) businesses in the following industries: manufacturing/industrial; retail; financial services; government/military; medical/healthcare; and education.