Majority of organizations forego purchasing cyber liability insurance: Advisen

Most organizations recognize that cyber risk management extends beyond the domain of the IT department, but few are incorporating cyber insurance as part of their overall risk management strategy, Advisen Ltd. reported.
In its report A New Era in Information Security and Cyber Liability Risk Management, Advisen explored the current state of enterprise-wide information security and cyber liability risk management.
The Zurich-sponsored survey was administered by Advisen Ltd. to risk professionals across a broad array of industries. Five-hundred-and-three risk professionals responded to the survey.
“Many believed that the IT department would keep the organization secure because viral infections and data breaches by hackers were issues best addressed by protections such as firewalls and antivirus software, which were IT solutions,” the report says.
“A growing number of organizations are now realizing that cyber security extends well beyond the IT department. A wide range of issues such as lost or stolen data, violation of privacy laws, intellectual property infringement and social media-related risks such as cyber-bullying and textual harassment constitute a much broader scope of cyber exposures.”
In total, 86% of respondents agree cyber and information security risks pose at least a moderate danger to their organization, the report adds.
But when asked if their companies buy cyber liability insurance, of those answering the question, 35.1% said yes, while 60.1% said no.
According to participants’ comments, some explanations for why companies do not purchase cyber liability insurance include:
•Investment in prevention rather than insurance;
•Limited markets;
•Broker disconnects;
•Lack of coverage clarity; and
•Deductibles are too high.