A new Spiceworks study reveals that 38 percent of organizations across North America and Europe have an active cyber insurance policy, yet many organizations still aren’t sold on the benefits of cyber insurance and are hesitant to purchase a policy.
“In a world where cybersecurity breaches increasingly make the headlines, many organizations want the peace of mind an insurance policy offers in the unfortunate event of a breach,” says Peter Tsai, senior technology analyst at Spiceworks. “As a result, we expect the adoption of cyber insurance to increase in businesses across the globe over the next two years. However, despite these expected gains, many organizations still lack knowledge about cyber insurance, while others are skeptical of the value of these policies in general.”
Among the 38 percent of organizations that have a cyber insurance policy, 45 percent purchased insurance within the last two years, and 32 percent purchased their policy three to four years ago. Only 24 percent of organizations have been covered for more than five years. Additionally, according to a separate poll in the Spiceworks Community, 11 percent of organizations without coverage plan to purchase a cyber insurance policy within the next two years.
Increased priority on security is a top driver of cyber insurance adoption
Most organizations (71 percent) are purchasing cyber insurance as a precautionary measure, while 44 percent cited an increased priority on cybersecurity as the reason they purchased a policy. In fact, according to the 2019 State of IT Budgets, increased security concerns is one of top three drivers of IT budget increases in 2019.
The risk of managing large volumes of personal data also drove 39 percent of organizations to purchase cyber insurance. However, less than 15 percent of organizations purchased a policy due to a recent security incident or data breach.
When comparing the prevalence of cybersecurity insurance policies in North America and Europe, the regulatory environment and impact of new regulations such as GDPR become apparent. Only four percent of organizations in North America purchased cyber insurance because of new data protection regulations, compared to 43 percent in Europe.
Across both regions, 52 percent of companies with cyber insurance have a coverage limit between one to five million, 19 percent have a coverage limit between six to 10 million, and 16 percent are covered for more than 10 million. However, the results show only seven percent of organizations have ever filed a claim with their cyber insurance provider.
Skepticism and a lack of knowledge about cyber insurance is affecting adoption
Among the companies that don’t carry cyber insurance, the lack of knowledge about cyber insurance is one of the top three reasons why they haven’t purchased a policy. Thirty-six percent of IT professionals said their organization isn’t covered due to a lack of knowledge about cyber insurance, while 41 percent said it’s not a priority at their organization, and 40 percent said they don’t have budget for it.
Additionally, 33 percent of organizations haven’t purchased a policy because they aren’t sold on the benefits, and 20 percent reported insufficient use cases for cyber insurance. Twelve percent of organizations also said they’re not confident claims will be paid out.