The cost of business interruption due to a security breach is the top cyber risk concern for captive businesses across all industries, according to a new report by Aon Global Risk Consulting.
The 2016 Captive Cyber Survey is Aon’s first cyber captive survey. It found that 94 percent of companies would share risk with others in their industry as part of a captive facility writing cyber insurance.
61 percent of survey respondents also said they buy cyber limits in the $10-25 million range, but overall 60 percent of large companies do not buy cyber insurance. Of those that do, 68 percent of companies surveyed buy cyber for balance sheet protection closely followed by ensuring due diligence comfort for the board
Only 25 percent of respondents that buy limits are confident that they comply with international best practices and standards for information security governance and 95 percent of companies surveyed state clear policy wording as the most important issue in the cyber risk market, and 75 percent of large companies express concerns about the loss adjustment process.
Aon experts also anticipate alternative risk transfer options to become increasingly sought after as these solutions give companies some control over underwriting, coverage scope and claims adjustment, while providing an opportunity to share best practices, experience and data in a private setting.
Peter Mullen, chief executive officer of Aon Risk Solutions’ captive and insurance management practice, spearheaded the report.
He said: “Our findings indicate that there is a disparity between companies recognising that cyber is one of the fastest growing and permeating risks, and actually understanding what their individual exposures and coverage needs are.
“Captives are a great alternative risk transfer solution for bridging this gap while the industry’s approach to cyber risk management catches up to the evolving pace of technology.”
Kevin Kalinich, global practice leader for cyber/network risk at Aon Risk Solutions, added: “Given the evolving nature and complexity of cyber exposures, we found that the use of cyber risk assessments is surprisingly low. Conducting such an assessment is a useful tool for improving risk understanding and maturity as well as for helping organizations better prepare for potential business interruption during or after a breach.
“Aon is at the forefront of assisting clients to develop and implement a risk assessment approach that is cross departmental and can translate cyber exposures into financial impact.”