In a recent study of 100 U.S. middle market companies and large corporations, 85 percent say they have purchased cyber security and data privacy insurance coverage to protect against financial loss, while nearly half (44 percent) have already filed an insurance claim as a result of a breach.
However, while more companies are purchasing cyber security and data privacy insurance, some gaps still remain in incident response plans, making those companies vulnerable to the financial consequences of a data privacy incident, according to the study, which was commissioned by Wells Fargo Insurance’s Technology, Privacy and Network Risk Practice.
Examining middle market companies and large corporations with $100 million or more in annual revenue, the study looked at companies from a variety of industries ranging from manufacturing to educational services.
It measured the companies’ current levels of readiness to respond to a cyber security or data privacy incident, perceptions of their own security and network vulnerabilities, and challenges faced when purchasing coverage.
“While companies recognize the need for cyber security and data privacy insurance, purchasing coverage is not a complete solution.
It’s also important to recognize that other factors, including testing incident response plans, employee awareness training, and following established privacy policies, are all critical components of an overall risk management program,” said Dena Cusick, national practice leader with Wells Fargo Insurance’s Technology, Privacy and Network Risk National Practice.
“We work with our customers to address any gaps and ensure they have a robust and comprehensive network security solution that can best protect their employees and business.”
Not surprisingly, the most common reasons given for purchasing this specialized coverage were to protect the business against financial loss (78 percent), protect shareholders (64 percent), and help prepare for data privacy events (61 percent).
Of those that filed an insurance claim, 96 percent reported they were satisfied with their coverage, how the claim was handled, and that their policy had enough coverage for expenses and damages.
Despite the fact that many of these companies have purchased coverage, the study identified key gaps in their cyber security programs:
• Companies are not testing their plans. Despite that most companies surveyed have an incident response plan, one in five have not tested their plan.
• Leaked data is the top cyber security and data privacy concern, yet one in 10 companies does not have an existing incident response plan
For almost half of the companies that have cyber and data privacy insurance, the biggest challenges they faced when purchasing the coverage was finding a policy to adequately fit their company’s needs (47 percent) or the cost (42 percent) — highlighting the need for an experienced broker to help with this process.