17 October 2017 Alternative Risk Transfer

Firms grasp importance of data assets, yet don’t insure risk

Organisations increasingly recognise the growing value of technology and data assets relative to historical tangible assets, yet they are spending four times more budget on insurance for property, plant and equipment (PP&E) risks, a new report by Aon has revealed.

The 2017 EMEA Cyber Risk Transfer Comparison Report, released by Aon in collaboration with the Ponemon Institute, a research firm on privacy, data protection and information security, found that while 38 percent of businesses surveyed confirmed they have experienced a cyber loss in the past 24 months, only 15 percent of their probable maximum loss (PML) is covered by insurance.

This is in stark contrast to the policy limits purchased against physical assets like PP&E, where around 60 percent of their PML is typically covered. The report also shows that the impact of business disruption to information assets is 50 percent greater than to PP&E.

“Our goal is to compare the financial statement impact of tangible property and network risk exposure,” said Larry Ponemon.

“A better understanding of the relative financial statement impact will assist organisations in allocating resources and determining the appropriate amount of risk transfer resources to allocate to the mitigation of network risk exposures.”

Vanessa Leemans, chief operating officer for Global Cyber Insurance Solutions at Aon added: “This study compared the relative insurance protection of certain tangible versus intangible assets. We found that most organisations spend much more on fire insurance premiums than on cyber insurance, despite stating in their publicly disclosed documents that a majority of the organisation’s value is attributed to intangible assets.”

The report also found that only 30 percent of businesses are “fully aware” of the legal and economic consequences of European Union General Data Protection Regulation (GDPR). GDPR comes into effect on May 25, 2018, and introduces a 72-hour notification for all personal data breaches—except those unlikely to pose a risk to individuals.

Fines for non-compliance with the GDPR will increase to as much as €20m or 4 percent of an organisation’s global turnover (whichever is higher). Insurance carriers are starting to see an increase in demand for cyber coverage as cyber exposure awareness becomes an enterprise-wide issue.

Leemans concluded: “With 65 percent of EMEA organisations expecting their cyber risk exposure to increase over the next two years, cyber risk needs to be approached at an enterprise-wide level in order to achieve cyber resilience.

“This should include enterprise-wide education, assessment and quantification, preventive risk management, and incident response plan, as well as cyber insurance.”

Get the latest re/insurance news sent to your inbox every day -  Sign up to our free email newsletters

Other stories from today's PCI newsletter

SCOR vows to take a nuanced view on rate rises, assessing clients on a case-by-case basis

Beazley seeks global rate hikes of 5 to 10% for renewals

Risk-based pricing is best way to manage the burden of flood losses

Insurtech firms become MGAs out of frustration

Alternative thinking: the historic rise of ILS

Cat losses demonstrate value and resilience of industry

ILS capacity demystified for US cedants

2017 insured losses could total $100 billion: RMS

Expert support for catastrophe and exposure management

Cedants: how much coverage to buy?

Insurers need to reach for the cloud

Anticipate change and innovate: Sampson

RAA highlights growth opportunities at PCI

Wildfires among the costliest on record

PCI unveils new officers to board of governors

Technology should mean evolution

$93bn premium forecast in US homeowners’ insurance

The bottom of the cycle has been reached

Sentiment is positive but headwinds challenge growth

Don't miss our insurtech email newsletter - sign up today

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk