Organisations recognise the growing value of technology and data assets relative to historical tangible assets, though they are spending four times more budget on insurance for Property, Plant and Equipment (PP&E) risks, according to the 2017 EMEA Cyber Risk Transfer Comparison Report, released by insurer Aon with the Ponemon Institute, a US information security research firm.
Dr Larry Ponemon said: “Our goal is to compare the financial statement impact of tangible property and network risk exposure. A better understanding of the relative financial statement impact will assist organizations in allocating resources and determining the appropriate amount of risk transfer resources to allocate to the mitigation of network risk exposures.”
The report found that while 38 percent of businesses surveyed confirmed they have experienced a cyber loss in the past 24 months, only 15 percent of their probable maximum loss (PML) is covered by insurance. This is in contrast to the policy limits purchased against physical assets like Property, Plant and Equipment, where around 60 percent of their PML is typically covered. The report also shows that the impact of business disruption to information assets is 50 percent greater than to PP&E.
Comment
Vanessa Leemans, Chief Operating Officer for Global Cyber Insurance Solutions at Aon said: “This study compared the relative insurance protection of certain tangible versus intangible assets. We found that most organizations spend much more on fire insurance premiums than on cyber insurance, despite stating in their publicly disclosed documents that a majority of the organization’s value is attributed to intangible assets.”
The report also found that only 30 percent of businesses are “fully aware” of the legal and economic consequences of European Union General Data Protection Regulation (GDPR). GDPR comes into effect on 25th May 2018, and introduces a 72-hour notification for all personal data breaches – except those unlikely to pose a risk to individuals. Fines for non-compliance with the GDPR will increase to as much as 20m euros or 4 percent of an organization’s global turnover (whichever is highest). Insurance carriers are starting to see an increase in demand for cyber coverage as cyber exposure awareness becomes an enterprise-wide issue.
Vanessa Leemans added: “With 65 percent of EMEA organizations expecting their cyber risk exposure to increase over the next two years, cyber risk needs to be approached at an enterprise-wide level to achieve cyber resilience. This should include enterprise-wide education, assessment and quantification, preventive risk management, incident response plan, as well as cyber insurance.”
To download a copy of the Aon and Ponemon Institute 2017 EMEA Cyber Risk Transfer Report visit http://www.aon.com/risk-services/2017-EMEA-Cyber-Risk-Transfer-Comparison-Report.jsp.
