Companies surveyed acknowledged the potential financial impact associated with security breaches. Of the 56 percent that had breaches, they reported an average cost of these incidents as $9.4 million in the last 24 months.
However, these costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents.
Data breaches impact more than IT teamsWith the rapid increase in the threat landscape and the number of data breaches, concerns over how to manage them have moved beyond corporate IT teams to other major parts of organizations.
Many companies realize that security incidents create significant financial risks that must be managed like other major business risks. In fact, respondents quantified the average potential maximum financial risk of a data breach at $163 million, with some projecting more than $500 million in damages.
- Security exploits are greater than or equal to a natural disaster, business interruption, fire, etc., according to 76 percent of respondents.
- On average, respondents say there is a nine percent likelihood that their company will experience the predicted maximum financial impact during a data breach. This is a small but significant number when compared with other areas that are regularly insured.
- Thirty-one percent of companies report current cyber insurance coverage, and survey results show growth on the horizon. In fact, 39 percent of respondents say their organization plans to purchase a policy.
- Additionally, more than half with a policy believe it is an essential part of their companies' risk management programs.
- Those without a policy noted that price is a roadblock for purchasing. Respondents also said that policy conditions that include excessive exclusions, restrictions and uninsurable risks inhibit their organization from purchasing a policy.
- However, of those with insurance, 62 percent believe the premiums are fair given the nature of the risk.
"Companies worry about the financial impact following a data breach," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Cyber insurance could be an important part of a risk management strategy to protect against potentially severe financial losses."
The complete study is available (registration required).