According to a recent Wells Fargo study of 100 U.S. middle market companies and large corporations, 85% of respondents carry cyber and data privacy policies and nearly half (44%) have already filed a claim as a result of a breach. As more businesses are recognizing the need for cyber insurance, the deterring factor of cost is not the only reason some business are delaying the purchase of cyber coverage. Insurance companies want businesses to already have in place a sound incident response plan before they are willing to write the coverage. Creating an incident response plan is like one of those “going through the closet chores” we would all prefer to put off until a later date.
Finding the appropriate cyber liability coverage for your specific business is necessary, but needs to be in conjunction with certain related elements. Initiating a cyber incident response plan, employee awareness training, and following established privacy policies are all critical components of an overall risk management program to address cyber liability. The cold hard fact is that many businesses are not only delaying purchasing cyber protection insurance, but also on initiating the corresponding programs needed to mitigate any loss related to a cyber breach.
Here are some common cyber defense gaps mentioned in the Wells Fargo report:
- Not having a data breach response plan in place. While 35% of companies say they are concerned about data leaks and 25% are concerned about hackers, only one in ten said they have an existing response plan in place.
- Not testing incident response plans. One in ten companies that have implemented a post-data breach response plan did so without testing it, and of those a full 74% said they needed to revise their plan following a breach incident.
- Not training employees in cyber liability prevention. Approximately 27% of companies do not have an employee awareness training program for cybersecurity and data privacy, and only 20% of companies with fewer than 2,000 employees provide such training.
At The Armstrong Company Insurance Consultants we are concerned for our customers and their risk of a cyber event. Contact us for additional information on cyber awareness. For more details on how to start a cyber program, click on Creating a Data Breach Preparedness Plan.