Companies Slow to Get CyberInsurance Coverage Even as CyberAttacks Increase


A recent report showed a slight increase from 10% to 26% of companies with cyber insurance coverage between 2013 and 2014, and stated that most US companies are deficient in “keeping the data breach response plan up-to-date, conducting risk assessments of areas vulnerable to a breach, continuous monitoring of information systems to detect unusual and anomalous traffic and investing in technologies that enable timely detections of a security breach.” In September 2014 the Ponemon Institute LLC issued a report entitled “Is Your Company Ready for a Big Data Breach?” which was sponsored by Experian Data Breach Resolution and stated that cyber insurance policies and incident response (IR) awareness are becoming more important:

In 2013, only 10 percent of respondents said their company purchased a policy. This year, the percentage more than doubled to 26 percent. Further, the use of standard or model contract terms with third parties, vendors or business partners increased. In 2013, 65 percent of respondents said their organizations had these in place and this year it increased to 70 percent of respondents.

Here are topics reported by Ponemon about cyber problems and IR planning:

More companies have data breach response plans and teams in place. In 2013, 61 percent of companies had such a plan in place. This increased to 73 percent in this year’s study. More companies have teams to lead data breach response efforts. In the 2013 study, 67 percent of respondents said they had a data breach response team. This increased to 72 percent.

Data breaches have increased in frequency. In 2013, 33 percent of respondents said their company had a data breach. This year, the percentage has increased to 43 percent. Sixty percent say their company experienced more than one data breach in the past two years. This increased from 52 percent of respondents in 2013.

Most companies have privacy and data protection awareness programs. Ponemon Institute research has revealed that mistakes made by employees are a frequent cause of data breach. While we believe all companies should have such a program, it is a good sign that the existence of training programs increased. In this year’s study, 54 percent say they have privacy and data protection awareness training for employees and other stakeholders who have access to sensitive personal information. This increased from 44 percent in 2013.

There was very little change in the training of customer service personnel. When companies lose customer data, very often it is customer service that must field questions from concerned customers. In 2013, 30 percent of respondents said they provided training on how to respond to questions about a data breach incident. This increased slightly to 34 percent of respondents in 2014.

Informationworld Darkreading also reported:

Nearly three-fourths of US Fortune 500 companies now have set up incident response plans and teams in preparation for cyberattacks, but only one-third of them consider their IR operations actually effective in the face of a data breach, according to a new study.

Hopefully more companies will understand their risk and do a better job to protect with cyber insurance and IR

The publications contained in this site do not constitute legal advice. Legal advice can only be given with knowledge of the client's specific facts. By putting these publications on our website we do not intend to create a lawyer-client relationship with the user. Materials may not reflect the most current legal developments, verdicts or settlements. This information should in no way be taken as an indication of future results.

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.


AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top