Annual Cyber Risk Survey finds businesses are sharpening their focus on cyber security but also reveals much room for improvement in building cyber resilience
- 86 percent of respondents said that cyber risk is a significant concern and that they’ve taken steps to assess their risks.
- 65 percent of respondents have invested in cyber security solutions to mitigate risk, which indicates that 35 percent of respondents still have not.
Schaumburg, IL (Oct. 29, 2021) – Zurich North America and Advisen Ltd. have released the 11th Annual Information Security and Cyber Risk Management Survey of corporate risk managers and insurance buyers, revealing current views about information security and cyber risk management. This year’s survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago with 83 percent of respondents carrying some level of cyber insurance. The survey results indicate that risk professionals are increasingly aware of their intensifying cyber risks and the need to manage them using risk mitigation and risk transfer. However, a deeper dive into the numbers found that there is much room for improvement in building cyber resilience.
- Sixty-five percent of respondents have invested in cyber security solutions to mitigate risk, which means that 35 percent of respondents still have not.
“At Zurich, we have been advocating for increased cyber resilience among businesses for years so seeing a continued increase in take up rate and strengthening risk mitigation efforts is very encouraging,” said Michelle Chia, Head of Professional Liability and Cyber for Zurich North America. “The survey results also tell us, however, that more work needs to be done to increase cyber resilience and we are committed to providing businesses the resilience strategies they need through education and support.”
The survey results reveal gaps in mitigation efforts among respondents especially related to risk monitoring, employee training and vender risk assessment efforts.
Risk monitoring: Most risk managers taking the survey are not monitoring cyber threats to their organizations frequently enough. Thirty-two percent of respondents shared that they monitored for cyber threats monthly and 28 percent just quarterly. The report states that “…in today’s fast-changing environment, even monthly threat assessments will leave organizations ill-prepared for both threat actors and their cyber insurance renewals.”
Vendor risk assessment: At 52 percent, barely half of the survey respondents say vendor risk assessment is a part of their risk mitigation plans. Also, respondents categorized business interruption due to technology failures or supplier cyber disruptions only as a moderate concern on the list of their business continuity concerns. With cybercriminals increasingly leveraging third-party vendors to launch attacks on a broader scale, companies should be forewarned that vendor risk is not an area to ignore.
Employee education: Human error is a major factor in successful cyber security breaches. With cyber threats evolving daily, more frequent training opportunities that keep employees in the loop on threats and help them identify and thwart efforts by bad actors will be critical in minimizing cyber events. Yet only 17 percent of respondents indicate that their companies offer cyber security training on a monthly basis. Annual training is the most common response chosen at 30 percent of survey respondents, with 25 percent conducting employee cyber education on a quarterly basis.
This year is the first time the survey has featured questions on ransomware. Eighty percent of respondents say they feel very or moderately prepared to face a ransomware event. However, respondents also worry that no matter how much they prepare, it will not be enough to fully overcome a ransomware attack. A focus on business interruption persisted through the survey’s ransomware section; and the “unknowns” of ransomware were apparent in the survey with one respondent adding, “While our cyber risk security efforts seem very robust, it’s difficult to know what we don’t know.”
Other key findings of the 2021 survey:
- The hard cyber insurance market is hitting buyers on all fronts including retention, limits, price, and coverage. Respondent comments show significant worries about a “completely dislocated” market with triple-digit rate increases, shrinking coverages, and skepticism over whether insurers adequately analyze effective loss prevention measures.
- Buyers’ frustration with the cyber insurance market’s policy wording varies from carrier to carrier, which makes it difficult for policy holders to compare solutions.
Considering the current state of the insurance market, risk managers will find pre-breach mitigation planning and excellent cyber security controls to be mandatory for underwriters. This year’s survey highlights a few areas where risk managers may be lagging and where their insurance partners can offer education and support.
“This survey reveals that customers are concerned with the changing market and what it will mean to their renewal process,” added Chia. “Risk managers are looking for coverage that protects their business at the right price and are also looking for solutions to mitigate their risk. With so many unknowns, they may find that the answers to business resilience are right in front of them in the form of risk mitigation.”
For 11 consecutive years, Zurich North America and Advisen Ltd. have collaborated on this survey designed to gain insight into the current state of and ongoing trends in cyber risk management and insurance.
The results reflect the responses of nearly 400 respondents representing risk managers, insurance buyers and other risk professionals covering both large and small companies around the world. Finance, banking and insurance industries are the most highly represented. Other industries with significant representation included manufacturing, construction, professional services, educational institutions, healthcare and technology. Firms with between $1 billion and $10 billion in revenue comprised 30 percent. Large businesses with more than $10 billion in revenue represented 10 percent, but most respondents came from smaller and middle market companies (less than $1 billion in revenue) at 61 percent.
For the complete survey results, click here.
Zurich North America is one of the largest providers of insurance solutions and services to businesses and individuals. Our customers represent industries ranging from agriculture to technology. Zurich North America is part of Zurich Insurance Group, a leading multi-line insurer that serves its customers in global and local markets. Further information is available at www.zurichna.com.
Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With about 55,000 employees, it provides a wide range of property and casualty, and life insurance products and services in more than 215 countries and territories. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, as well as multinational corporations. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.
Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market. Advisen’s proprietary data sets and applications focus on large, specialty risks. Through Web Connectivity Ltd., Advisen provides messaging services, business consulting, and technical solutions to streamline and automate insurance transactions. Advisen connects a community of more than 200,000 professionals through daily newsletters, conferences, and webinars. The company was founded in 2000 and is headquartered in New York City, with offices in the US and the UK. To learn more, visit www.advisenltd.com.
Source: Zurich North AmericaTags: Advisen, cyber risk, cyber security, resilience, survey, Zurich