Report: Companies Underinsured Against Cyber Risk vs. Physical Risk

May 14, 2015

Report: Companies Underinsured Against Cyber Risk vs. Physical Risk Despite an increase in the value of data compared to physical assets, most companies are underinsuring against cyber attacks compared to insuring against loss of property, plant and equipment (PP&E), according to a new report conducted by the Ponemon Institute and sponsored by insurance provider Aon. The global survey of executives found that, while they value information assets about the same as physical assets, companies are only insuring 12 percent of non-tangible assets compared to 51 percent of PP&E.

“The perception of the risk is interesting,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “It’s clear that there is a risk and losses can be anticipated, but organizations are not insuring against the risk. This report substantiates a risk manager’s initiatives for how they allocate resources and where they focus.” 

Among its other findings, the report noted only 19 percent of those polled say their company has cyber insurance, despite the fact that they estimate the loss of information assets is nearly three times more likely than the loss of physical assets, on average. The survey also found that 37 percent of companies “experienced a material or significantly disruptive data breach one or more times during the past two years and the average economic impact was $2.1 million.”

“The explosion of cloud computing, mobile devices, big data analytics and the Internet of Things is creating enterprise risk management issues that are rapidly growing with the increased use of information assets and technology,” said Kevin Kalinich, global practice leader for cyber/network risk at Aon Risk Solutions. “Companies large and small are advised to consider cyber threats in this perspective.”