Study: Companies Value Data But Aren’t Paying To Protect It

It would appear that a lot of companies are not putting their money where there minds are when it comes to insuring themselves against data breaches.

According to a new study from the Ponemon Institute, information technology assets are insured 39 percent less than physical assets (12 percent to 51 percent) — yet more than half of the respondents fully expect that their companies’ exposure to cyberattacks will continue to grow.

“Despite the risk, companies are reluctant to purchase cyber insurance coverage,” the report states. “Fifty-two percent of respondents believe their companies’ exposure to cyber risk will increase over the next 24 months. However, only 19 percent of respondents say their company has cyber insurance coverage.”

As for why more companies aren’t already taking sufficient action, the survey bore out three popular reasons: inadequate coverage, high premiums, and the belief at many companies that standard insurance (that related to tangible assets) will cover data loss.

“This survey is unique as it focused on the relative financial statement impact of cyber incidents compared to tangible asset vulnerabilities,” said Kevin Kalinich, leader of the global cyber risk practice for Aon Risk Solutions — which sponsored the study — in a press release (via Canadian Underwriter). “The explosion of cloud computing, mobile devices, big data analytics and the Internet of Things is creating enterprise risk management issues that are rapidly growing with the increased use of information assets and technology. Companies large and small are advised to consider cyber threats in this perspective.”

Kalinich pointed out that, within a 12-month period, 80 percent of companies are likely to suffer a data breach — and there is a 5 percent chance that such an infraction could result in a material loss of $20 million or more. The Wall Street Journal notes that, for comparison, the odds of a fire causing a material loss is well below even 1 percent.

“The perception of the risk is interesting,” commented Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, reports Canadian Underwriter. “It’s clear that there is a risk and losses can be anticipated, but organizations are not insuring against the risk.”

In performing the study — called the 2015 Global Cyber Impact Report — the Ponemon Instutute surveyed 2,243 respondents in 37 countries across North America, Europe, Middle East, Africa, Asia, Pacific, Japan and Latin America.