The cost of a data breach is rising, and insurance companies are beginning to offer coverage they say will help companies cover the expenses. But is cyber insurance worth it for businesses?
Answer: It depends on who you ask.
A recent survey conducted by PricewaterhouseCoopers (PwC) found that nearly half (46%) of businesses had purchased cyber insurance coverage that protects them from costs associated with the theft or misuse of electronic data.
Additionally, 17% of the survey’s respondents said their organization had submitted a claim after an incident, and 14% received reimbursements.
However, in a different survey conducted by professional services firm Towers Watson, 73% of respondents said their company hasn’t purchased a cyber insurance policy.
The two surveys differed greatly in size and scope, which may explain part of the disparity – the PwC survey included IT decision makers and executives from more than 12,000 organizations worldwide, while the Towers Watson poll was limited to 164 risk managers.
One thing organizations must consider when deciding if they need a cyber insurance policy is what is covered under current policies and what coverage cyber insurance will add. Cyber insurance is a relatively new type of coverage, so many organizations don’t yet fully understand the different types of coverage out there.
There’s also the issue of the cost and benefits of coverage, as many people making insurance decisions at organizations may not be fully aware of how much businesses can lose because of cybersecurity incidents. IT can help decision makers by offering estimates on the potential costs of covered incidents to help decide if the premiums are worth it.