Wednesday, May 13, 2015
The financial impact of cyber exposures is close to exceeding those of traditional property, yet companies are reluctant to purchase cyber insurance coverage.
These are the striking findings of a new Ponemon Institute survey sponsored by Aon.
Companies surveyed estimate that the value of the largest loss (probable maximum loss) that could result from theft or destruction of information assets is approximately $617 million, compared to an average loss of $648 million that could result from damage or total destruction of property, plant and equipment (PP&E).
Yet on average, only 12 percent of information assets are covered by insurance. By comparison, about 51 percent of PP&E assets are covered by insurance.
The survey found that self-insurance is higher for information assets at 58 percent, compared to 28 percent for PP&E.
In some ways, these results are not surprising.
Cyber insurance is a relatively new product, and while interest continues to increase, it will take time for the purchase rate to catch up with traditional insurances.
That said, the values at stake are enormous and as the report states, the likelihood of loss is higher for information assets than PP&E.
Another important takeaway from the survey is that business disruption has a much greater impact on information assets ($207 million) than on PP&E ($98 million).
This suggests the fundamental nature of probable maximum loss (PML) varies considerably for intangible assets vs. tangible assets, Ponemon says.
Business disruption represents 34 percent of the PML for information assets, compared to only 15 percent of the PML for PP&E.
A footnote states that while the survey results suggest PML in the neighborhood of $200 million, a growing number of companies are using risk analysis and modeling to suggest potential losses in excess of $500 million to over $1 billion and seek cyber insurance limit premium quotes and policy terms for such amounts.
More information on the growth in cyber insurance is available from the I.I.I. here.
Some 2,243 individuals involved in cyber and enterprise risk management at companies in 37 countries responded to the Ponemon survey.