83% of polled organizations had standalone cyber insurance policies: 2017 RIMS Cyber Survey

Organizations with standalone cyber insurance policies increased three points from 2016 to 83%, according to the 2017 RIMS Cyber Survey.

“Risk professionals’ continued to show confidence in standalone cyber insurance policies as the number of practitioners who purchased the coverage increased moderately in 2017,” RIMS, the risk management society, said in a press release on Thursday.

This year’s survey had 288 respondents (up from 272 in 2016), with demographics regarding industry sector, organization revenue and number of employees holding close to 2016 results, RIMS said. The survey was distributed to RIMS membership via an Internet link and was accepted between May 18 and June 25 of this year. When asked primary country of residence, 80% reported the United States and 16% said Canada, with United Kingdom (1%), Denmark (1%) and “other” rounding out the survey.

Key findings include the following:

• Of the organizations without a standalone cyber policy, 84% indicated that other insurance policies include cyber liability coverage;
• 72% of respondents transfer cyber exposures to a third-party (up 4% from 2016);
• Business interruption (80%) and cyber extortion (72%, up nine points from last year) top the list of first-party cyber exposures;
• Only 34% of respondents thought that the government should mandate cybersecurity standards;
• 44% of those purchasing cyber insurance have a limit in the $5 million to $20 million range;
• 26% of those polled said they will spend more than $1 million to protect against cyber exposures in 2017;
• Nearly half (48%) reported that they are spending more than last year to protect against cyber exposures; and
• Six in 10 (61%) are considering purchasing cyber coverage within the next 12 to 24 months.

“At any given moment, cyber-predators can unleash a new hack to infiltrate an organization’s system, steal or lock critical data and cause significant business interruption damages,” RIMS president Nowell Seaman said in the release. “RIMS Cyber Survey shows that risk professionals continue to invest in cyber insurance products and must work in tandem with their insurers and IT professionals to help develop innovative and adaptable solutions for the next generation of cyber threats.”

Compared to the modest changes seen in the 2017 RIMS Cyber Survey, the 2016 survey showed more drastic changes in the management of cyber exposure than its preceding 2015 survey, RIMS reported. Notably, there was a sharp 29% increase in the procurement of standalone cyber insurance than recorded in 2015 (51% in 2015, 80% in 2016). Also, there was a 10% increase in the number of organizations that transferred cyber exposure to a third-party from 2015 to 2016 (58% to 68%).

RIMS is a not-for-profit organization representing more than 3,500 corporate, industrial, service, nonprofit, charitable and government entities throughout the world. The organization has a membership of approximately 11,000 risk practitioners who are located in more than 60 countries.