A recent analysis by CYE, a cyber risk quantification firm, has uncovered a significant gap in cyber insurance coverage, with four out of five companies experiencing cyberattacks that were not fully covered under their existing policies. On average, these insurance gaps left over three-quarters of the costs of a breach uncovered, leading to substantial financial losses. Specifically, the research, which examined 101 breaches across various sectors, found an average of $27.3 million in uncovered losses per incident. This alarming statistic highlights the potential financial risk businesses face when their insurance does not fully align with their cybersecurity needs.
Nimrod Partush, vice president of data science at CYE, emphasized the reliance of many companies on cyber insurance to cover losses from cyber incidents. However, he noted that companies are often surprised to find that their insurance only covers a small portion of the damages. This discrepancy can leave businesses vulnerable to significant financial strain in the wake of cyberattacks. The study underscores the importance of companies understanding the specifics of their coverage and the need for more comprehensive insurance solutions that can keep pace with the increasing complexity and frequency of cyber threats.
The Insurance Information Institute predicts that direct written premiums for cyber insurance worldwide could rise to $23 billion by 2025, with U.S. businesses paying about 56% of the total. This increase is driven by the broader exposure of U.S. businesses to data breaches and cyberattacks, fueled by their reliance on Internet of Things (IoT) technologies, the expansion of remote work, and greater use of cloud data storage. However, a report from Delinea, a cybersecurity firm, warns of a rising list of exclusions that could make cyber insurance coverage void. These exclusions can include a lack of security protocols, human error, acts of war, and non-compliance with proper procedures, all of which could leave businesses unprotected.
One case study highlighted in the CYE report involved Capital One, which in July 2019 reported a major security breach costing an estimated $138 million. This included expenses related to customer notifications, credit monitoring, technology updates, and legal support. Despite receiving $73 million through insurance coverage, Capital One still faced $65 million in uncovered damages. This case exemplifies the substantial repercussions that cybersecurity breaches can have on companies, particularly when insurance does not fully cover the resultant financial losses. It illustrates the crucial need for businesses to reassess their cyber insurance policies regularly and ensure they are adequately protected against the ever-evolving landscape of cyber threats.
