User Error Contributes to Majority of Cyber Attacks

74% of RIMS Cyber Survey Respondents Plan to Buy Coverage

RIMS (Risk Management Society) just released its first-ever cyber survey of risk professionals across a wide range of industries (including retail, hospitality, healthcare, financial services, professional services, and IT), with interesting results. The survey was conducted in response to the emerging risk of cyber attacks and the need for organizations to find solutions to deal with data breaches, network security and other related issues.

According to RIMS, its goal is to “explore strategies implemented by risk professionals including insurance investments, exposures, cyber security ownership, government involvement, as well as identification methods and response procedures.”

Several of the key findings of the 2015 RIMS Cyber Survey include the following:

  • 51% of respondents purchase stand-alone cyber insurance policies
  • 58% of those with cyber insurance policies carry less than $20M in cyber coverage, while 49% of those are paying over $100k in premium
  • 74% of those without cyber coverage are considering procuring coverage in the next 12-24 months
  • 77% of respondents credit Enterprise Risk Management (ERM) for identifying cyber risk

Moreover, the risk professionals surveyed view reputational harm, business interruption and data breach response and notification as the top three first-party exposures. The number-one reported third-party cyber exposure was the disclosure of personal information.

Seventy-three percent (73%) of respondents feel the federal government should regulate/legislate data and cyber privacy issues, with 58% believing the federal government should regulate legal liability, fines, and penalties. However, a strong majority of respondents feel the government should NOT regulate loss of business, reputational issues, or business interruption.

Nearly 90% say that their organization has a response plan in place in the event of a cyber crisis, with IT, PR, Legal, Risk Management, Information Security, and Compliance involved in the plan. The IT department is assigned primary responsibility for cyber security, followed by Information Security. The Chief Information Security Officer is the principal position accountable for the plan, according to the majority of the respondents.

Active monitoring and analysis of information security leads the top cyber spending categories for this year, followed by scanning tools, cyber insurance, employee education, incident response, and smartphone encryption software.

Caitlin Morgan is in a position to help you procure cyber liability insurance for your clients across many industry segments. As more organizations come to understand the value of this important coverage and the risk they face from cyber attacks, we can help you address their insurance needs. Give us a call at 877.226.1027.