Global organisations are spending almost four times as much on property-related risks as on cyber risks, despite a broad expectation of heightened cyber exposure over the next two years and the greater impact of business disruption to cyber assets than to property, plant and equipment (PP&E) assets, according to Aon and Ponemon.
A leading research firm on privacy, data protection and information security, the Ponemon Institute, has released a report sponsored by insurance and reinsurance broker Aon plc, titled The 2017 Cyber Risk Transfer Comparison Global Report.
The report explores how organisations around the world account for and prepare for cyber risks when compared with PP&E risks, revealing a “serious disconnect in risk management.”
“What’s interesting is that the majority of companies cover plant, property and equipment losses, insuring an average of 59 percent and self-insuring 28 percent. Cyber is almost the opposite, as companies are insuring an average of 15 percent and self-insuring 59 percent,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, who says the study “found a serious disconnect in risk management.”
According to the report, almost 65% of organisations are expecting their cyber exposure to increase in the next two years, and organisations valued cyber assets 14% higher than PP&E assets. Furthermore, the quantification of probable maximum loss (PML) from cyber assets is reportedly 27% higher than with PP&E assets, while the impact of business disruption to cyber assets is some 72% higher than to PP&E assets.
Taking the above into account, together with the fact that on average organisations insure 59% of PP&E losses compared to just 15% of cyber risks, the disconnect in risk management of cyber exposures compared to PP&E risks becomes apparent.
Kevin Kalinich, cyber/network Global Practice Leader, Aon Risk Solutions, commented on the report and further highlighted the issue: “This study compared the relative insurance protection of certain tangible versus intangible assets. We have found that most organizations spend multiples more premium for fire insurance, for example, than for cyber insurance, even though they state in their publicly disclosed documents that a majority of the organization’s value is attributed to intangible assets.”
The report appears to highlight a problem with how organisations insure and protect their intangible assets versus the more tangible, particularly at a time when the world continues its transition to a truly digital one and advanced technology promotes greater interconnectedness, which does provide cyber attackers with greater and potentially larger and more far-reaching targets.
The cyber insurance and reinsurance industry is yet to fully grasp the challenge, and despite new solutions being designed, the majority of respondents highlighted a lack of adequate, affordable, and effective cyber insurance solutions. This is despite 46% of respondents reporting a data breach within the last two years that resulted in an average financial impact of $3.6 million, explains the report.
The cyber challenge really is a great challenge but also an opportunity for the insurance, reinsurance, and broader risk transfer landscape, such as the insurance-linked securities (ILS) space, to innovate and develop products that meet the growing cyber risk needs of global organisations.