Every company understands that an attack on IT would have serious and lasting consequences for the bottom line. The problem is that companies often underestimate the likelihood of an attack, the damage that results, and the complexity of an effective cybersecurity solution. As a result, cybersecurity issues become a bigger problem year after year. In order to illustrate just how vulnerable companies are and how essential extra protection is, consider these 10 significant stats related to cyber insurance:
1 – 61 percent of companies rank cybersecurity as a major risk in 2018
A recent survey of executives asked them to name the top ten threats they are worried about in 2018. Far more than the majority cited cybersecurity as one of their top fears. In fact, it was number two on the list of threats with disruptive technologies taking the top spot.
This stat is revealing because businesses have a lot to worry about these days. New regulations, uncertain politics, evolving markets, and changing consumer demands are all sources of anxiety. But in spite of those uncertainties, cybersecurity is ranked high on the list of risks. Companies that are not equally anxious about an attack or other type of cyber incident may be downplaying the risk and putting their future in jeopardy as a result.
2 - 14 million small businesses are at risk of a hacker threat
There are around 28 million small businesses in the US. A 2016 report revealed that half of them were breached by hackers in that year. The consequences of the breaches were not tracked, but they likely range from business disruption to cyber extortion to lost revenue and consumer confidence.
This stat is eye opening for two reasons. First, it illustrates just how tenacious and ubiquitous today's hackers are. It takes a lot of motivation to target millions of businesses and a lot of skill to successfully breach 14 million of them. This statistic also reveals that all companies, not just the biggest or richest, are under attack. In fact, hackers often target small businesses knowing that they have weaker security strategies in place.
3 - Ransomware damages rose 15X in two years to hit $5 billion in 2017
Ransomware and other forms of cyber extortion have been rising rapidly in recent years. A look at data from 2017 revealed the total damage caused by ransomware reached $5 billion. This is up from only $325 million in 2015, an increase of 15X in two years.
The financial drain created by ransomware is astounding, but it's important to understand that the ransom itself is not the major issue. Rather, it's the disruption caused when critical data and applications are held hostage and made unavailable. Operations grind to a halt, revenue starts to hemorrhage and paying the ransom beings to feel like a small sacrifice to get back to business. It's for these reasons that ransomware is so effective, so destructive, and so common.
4 – Cybercrime damages will cost the world $6 trillion annually by 2021
Cybercrime has evolved from an annoying issue into a pressing issue and will soon be an existential issue. As attacks become more common and more effective, companies will spend significantly on cybersecurity to combat the problem. Spending is estimated to reach $6 trillion annually by 2021, up from $3 trillion in just 2015.
Companies have clearly concluded that cybersecurity is an issue they cannot avoid. They have also concluded that spending on cybersecurity and other forms of protection is a sounder strategy than trying to recover from an attack. When trillions of dollars are being spent to solve a problem, the consequences of the problem must cost multiples more. Cybersecurity is already a major budget item that is only going to get larger.
5 - 86 percent of consumers won't work with an organization that has suffered a data breach involving credit or debit card details
A survey of 2,000 consumers revealed that 86 percent of respondents were "not at all likely" or "not very likely" to do business with companies that put financial data at risk. The numbers were only slightly lower when personal information like addresses and phone numbers were exposed.
The immediate cost of a data breach is expensive, but the long-term cost is often even greater, and this stat illustrates why. Consumers have a lot of competitors to choose from, and when one is proven to be unsafe consumers simply seek out an alternative. Any business that lost 86 percent of its customers would struggle mightily. Worse still, they would find it very difficult to recruit replacements.
6 - 27 percent of U.S. firms have no plans to buy cyber insurance
Data compiled by the publication Insurance Journal reveals that 50 percent of companies do not have cyber insurance, and 27 percent have no plans to purchase it in the future. The objections are largely related to the cost structure and a perceived lack of transparency in the cyber insurance industry.
In order to make sense of this stat, it's important to consider the inverse – 73 percent of firms DO plan to purchase cyber insurance, including almost half of the firms that do not have it currently. That is not surprising considering that the same data showed that 61 percent of firms expect to be hit by an attack. The vast majority of companies acknowledge how risky it is to operate without cyber insurance coverage.
7 - Cyber insurance market growing from $2.5 billion in 2015 to $7.5 billion by 2020
A 2016 survey illustrated just how fast spending on cyber insurance is growing. Spending ballooned from $2.5 billion in 2015 to $4.3 billion in 2017 and is expected to reach $7.5 billion by 2020. The survey included more than 10,000 executives from companies in 127 countries.
These figures show that cyber insurance is quickly becoming a standard component of a cybersecurity strategy. As previous stats illustrate, almost every company is vulnerable to attack, and even companies with robust cybersecurity in place are not entirely immune. Cyber insurance provides the last line of defense by covering costs related to breaches and other incidents. When protection is never guaranteed, coverage provides extra confidence and certainty.
8 - 130 companies wrote cyber insurance premiums in 2016
Data reported in Insurance Journal shows that 130 different companies wrote premiums for cyber insurance in 2016. Those premiums totaled $1.35 billion, but that figure is widely considered to be low due to the difficulty of separating out cyber insurance premiums from multi-policy coverage.
This statistic should come as good news to any company searching for cyber insurance. As a previous stat mentioned, there is some hesitation about transparency and pricing in the industry. Those concerns become less urgent as the number of insurers competing to offer coverage grows. With spending on cyber insurance expected to rise rapidly, expect even more players to enter the market. That will help keep costs competitive while improving service for policyholders.
9 - Only eight percent of manufacturing companies have cyber insurance
Even though the majority of companies will soon have cyber insurance, levels of coverage vary widely across industries. A 2015 report showed that only 8 percent of manufacturing companies have some form of stand-alone cyber insurance. This is followed by the communications, media and technology industry with only a 12 percent adoption rate.
Coverage is likely rare in these industries out of a perception that hackers are only interested in lucrative financial information or sensitive health/personal information. Unfortunately, the current threat landscape is different. Cyber extortion schemes used to shut down a factory or communication technology could prove highly lucrative. Intellectual property is also a valuable commodity increasingly under attack. With upwards of 85 percent of companies in these two industries foregoing coverage, there is a lot of risk left unaddressed.
10 - 50 percent of healthcare organizations have coverage
Not surprisingly, around 50 percent of healthcare organizations have stand-alone cyber insurance according to the same 2015 report. Healthcare is the most heavily insured industry, followed by education and hospitality/gaming with coverage rates of 32 percent and 26 percent respectively.
Considering that healthcare organizations manage huge amounts of sensitive data while being subject to sweeping rules for data security, it's entirely understandable that coverage is the standard. What is not understandable is why half of the industry is foregoing coverage when the other half has deemed it essential?
Considering that healthcare organizations manage huge amounts of sensitive data while being subject to sweeping rules for data security, it's entirely understandable that coverage is the standard. What is not understandable is why half of the industry is foregoing coverage when the other half has deemed it essential?