Nearly 65 percent of organizations expect their cyber risk exposure to increase in the next two years
The impact of business disruption to cyber assets is 72 percent greater than to property, plant and equipment (PP&E) assets
Organizations valued cyber assets 14 percent more than PP&E assets
Quantification of probable maximum loss from cyber assets is 27 percent higher than from PP&E
Organizations insure on average 59 percent of PP&E losses, compared to an average of 15 percent of cyber exposures
"This unique cyber study found a serious disconnect in risk management," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "What's interesting is that the majority of companies cover plant, property and equipment losses, insuring an average of 59 percent and self-insuring 28 percent. Cyber is almost the opposite, as companies are insuring an average of 15 percent and self-insuring 59 percent."
While the majority of surveyed respondents find that cyber insurance is inadequate to meet the needs of their organization, too expensive and has too many exclusions, 46 percent of respondents reported a data breach in the last two years with the average financial impact costing $3.6 million. Based on data breaches and security exploits experienced by the surveyed organizations, the greatest threats are business process failures that caused disruption to business operations as well as cyber attacks that caused disruption to both business and IT operations. Looking ahead, 65 percent of organizations expect their cyber risk exposure to increase in the next two years.
"This study compared the relative insurance protection of certain tangible versus intangible assets," added Kevin Kalinich, cyber/network global practice leader, Aon Risk Solutions. "We have found that most organizations spend multiples more premium for fire insurance, for example, than for cyber insurance, even though they state in their publicly disclosed documents that a majority of the organization's value is attributed to intangible assets."
Aon's 2017 Global Risk Management Survey also found that cyber risk is a top concern for most businesses in the U.S. and globally. As a result, many companies are implementing formal assessments to identify and measure their cyber risk.
While this risk is being recognized as a significant threat, it is often not properly managed on a relative basis compared to other growing assets and risk. This is having an impact on many companies' bottom lines.
|