Half of insurers don’t purchase cyber coverage for their own firms: survey

More than half of insurance company respondents to a recent survey from rating agency A.M. Best said they do not purchase cyber security insurance for their own firms.

In the survey, which included property and casualty insurance firms and life and health insurers, 53% said they don’t currently buy any kind of cyber coverage.

Thirty percent said they purchased between $1 million and $5 million in limits, with the remainder of respondents buying “slightly higher coverage amounts,” according to A.M. Best, which released its survey findings in a special report Monday.

Only 15% of firms surveyed reported ever experiencing a data breach or cyber attack. However, more than 37% of companies with $500 million in capital and surplus admitted to experiencing a breach, the rating agency noted.

“This is an important distinction, because 92% of all capital and surplus is held by these larger companies, and the amount of data these larger companies have is disproportionate to the industry,” A.M. Best said in its special report.

Larger companies are also more likely to use cloud storage technology, which could allow for greater risk. Among companies with less than $500 million in capital and surplus, 47% said they use cloud technology, compared with 73% of those companies with above $500 million.

Still, among those participants who had experienced cyber breaches, 75% said they were able to discover the breaches within the first day. However, 8% did admit it took a month or longer to find the breach in their firm.

Most companies included in the survey reported their cyber security functions being housed within their organization’s existing IT groups. Only 3% said their firm had a dedicated, specialized cyber security risk department.

Among those companies surveyed, 86% said they do not offer cyber security policies. Those writing the risk often bundle it within other policies, such as general liability, with 57% writing specific cyber policies, the report also notes.

Virtually all companies also reported expecting premium for their cyber security line of less than $100 million in 2015, and 61% had policy limits less than $1 million, the report notes.

Lack of data was the main reported complaint around creating cyber policies. An “untested legal environment” was also a challenge reported by survey respondents.