The costs of business interruption due to a breach is the top cyber risk concern for businesses across all industries,
according to the 2016 Captive Cyber Survey report just released by Aon,
the leading global provider of risk management.
Aon’s
first cyber captive survey offers a better understanding of organisations’ current
attitude towards cyber threats, risk assessment, insurance purchasing trends and loss adjustment concerns, and provides insight into current retail market
trends, including captives and other risk financing solutions.
Aon’s findings
also indicate that there is a disparity between companies recognising that
cyber is one of the fastest growing and permeating risks, and actually
understanding what their individual exposures and coverage needs are. Captives are a great alternative risk
transfer solution for bridging this gap while the industry’s approach to cyber risk
management catches up to the evolving pace of technology.
The survey
findings indicated that 94 percent of companies would share risk with others in
their industry as part of a captive facility writing cyber. What’s more, Aon
experts anticipate alternative risk transfer options to become increasingly
sought after, as these solutions give companies some control over underwriting,
coverage scope and claims adjustment, while providing an opportunity to share
best practices, experience and data in a private setting.
Additional highlights
include:
·
60 percent of large companies don’t buy cyber insurance.
·
Of those that do, 68 percent of companies surveyed buy
cyber for balance sheet protection closely followed by ensuring due diligence comfort
for the board.
·
Only 25 percent of respondents that buy limits are confident
that they comply with international best practices and standards for
information security governance.
·
95 percent of companies state clear policy wording as
the most important issue in the cyber risk market, and 75 percent of large
companies express concerns about the loss adjustment process.
Given the
evolving nature and complexity of cyber exposures, Aon found that the use of
cyber risk assessments is surprisingly low.
Conducting such an assessment is a useful tool for improving risk
understanding and maturity as well as helping organisations better prepare for potential
business interruption during or after a breach. Aon is at the forefront of
assisting clients to develop and implement a risk assessment approach that is
cross-departmental and can translate cyber exposures into financial impact.
Aon recommends
the following three steps to begin a cyber risk assessment:
1.
Scenario
Analysis: Benchmark the existing cyber risk profile and work
with business stakeholders to prioritise cyber risk scenarios.
2.
Financial
Modeling: Leverage advanced financial simulation tools using
deterministic modeling to quantify first and third party costs of select cyber
scenarios. Consider performing an analysis on non-damage business interruption
scenarios using forensic accounting capabilities.
3.
Insurability
Risk Review: Test the adequacy of limits against the
assessed cyber risk as well as review the optimisation of the proposed
insurance program.
About the 2016 Aon Captive Cyber Survey
Aon’s 2016
Captive Cyber Survey is designed to offer analysis on top cyber risk concerns,
risk assessment approaches, attitudes toward cyber insurance and policy cover
and structure. The survey, conducted for the first time in fall 2015, gathered
input from risk managers and directors of more than 125 captive insurance
companies. The 2016 findings will allow organisations to gain insight into the
mounting threat of cyber risk, benchmark their risk management practices and
identify approaches that may increase their preparedness.