Only 25% have Cybersecurity Insurance

Life is unpredictable. Catastrophes can and do happen. Fires, floods, bombs and lawsuits: businesses get insurance to protect themselves when things, inevitably, go wrong. But few companies have cyber-security insurance despite the pervasive concern about identity theft and increasing information security exposures.

According to the 2005 CSI/FBI Computer Crime and Security Survey, only 25 per cent use insurance to manage cybersecurity risks, although the vast majority of respondents experienced breaches, with average losses of US$204,000.

Why the low uptake to help manage an area many senior executives say is a top priority? "It's a matter of getting the right price for cybersecurity insurance. It comes down to economics. But this is a tough product for insurance companies." A chicken-and-egg problem is at the core. The percentage of organizations reporting computer intrusions to law enforcement continues its multiyear decline, driven by fears of market backlash. But insurance companies need this fundamental information to discern patterns in cybercrime and develop the actuarial databases that form the basis of insurance risk assessment and pricing.

CATEGORIES:1cyberinsurance, 1risk management, 1business continuity, 1survey,1stats