Cyber insurance is gaining popularity worldwide, yet most organizations still lack cyber coverage, according to a survey of 581 IT professionals conducted by IT systems and network monitoring software company Spiceworks.
Key findings from the Spiceworks survey included:
- 62 percent of organizations lack cyber insurance.
- Organizations without cyber insurance cited coverage was not a priority (41 percent) as the top reason for not purchasing cyber insurance, followed by lack of budget (40 percent), lack of knowledge about cyber insurance (36 percent) and not required by regulations (34 percent).
- 52 percent of organizations with cyber insurance have a coverage limit between $1 million and $5 million, 19 percent have a coverage limit between $6 million and $10 million and 16 percent are covered for more than $10 million.
- Organizations with cyber insurance cited precautionary measure (71 percent) as the top reason for purchasing coverage, followed by increased priority on cybersecurity (44 percent), personal data management (39 percent) and industry-specific mandates (28 percent).
- Among organizations with cyber insurance, 45 percent have had a policy for two years, 32 percent have maintained a policy for three or four years and 24 have been covered for at least five years.
How to Select the Right Cyber Coverages
Cyber insurance offers financial protection against data breaches and other cybersecurity incidents, Spiceworks noted. However, an organization must evaluate its cyber insurance options to select the right coverages.
Organizations should review their existing cybersecurity and IT risk management programs before they purchase cyber insurance, the Federal Financial Institutions Examination Council (FFIEC) recommends. In addition, FFIEC offers the following tips to help organizations select the right cyber coverages:
- Include legal, enterprise risk management, operational risk management, finance, information technology and information security management departments in the decision-making process.
- Review an existing or proposed cyber policy to identify coverage gaps.
- Assess all policy terms and conditions.
- Examine the costs and benefits of cyber coverage annually.
Furthermore, MSSPs can provide endpoint protection, network security and other managed security services to supplement an organization's cyber insurance. They can help organizations secure data and assets, and by doing so, stop data breaches and other cybersecurity incidents.