Cybersecurity

How Do You Budget Cybersecurity Risks vs. Property Risks?

It’s no secret that cybersecurity is becoming a top concern of businesses worldwide, with the threat increasing every day. So why is a recent report showing that companies are budgeting four times more towards property security than cybersecurity?

balance budget ideas

Dmitrii_Guzhanin / iStock / Getty Images Plus / Getty Images

According to a press release, the 2017 Cyber Risk Transfer Comparison Global Report released by the Ponemon Institute, a leading research firm on privacy, data protection, and information security, and sponsored by Aon plc, found that organizations now believe that their cyberassets are more valuable than plant, property and equipment assets … even though they are spending four times more budget on insurance protecting the latter risks.

“This unique cyber study found a serious disconnect in risk management,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “What’s interesting is that the majority of companies cover plant, property and equipment losses, insuring an average of 59% and self-insuring 28%. Cyber is almost the opposite, as companies are insuring an average of 15% and self-insuring 59%.”

While the majority of surveyed respondents find that cyberinsurance is inadequate to meet the needs of their organization, too expensive and has too many exclusions, 46% of respondents reported a data breach in the last two years with the average financial impact costing $3.6 million. Based on data breaches and security exploits experienced by the surveyed organizations, the greatest threats are business process failures that caused disruption to business operations as well as cyberattacks that caused disruption to both business and IT operations. Looking ahead, 65% of organizations expect their cyber risk exposure to increase in the next two years.

“This study compared the relative insurance protection of certain tangible versus intangible assets,” added Kevin Kalinich, cyber/network global practice leader, Aon Risk Solutions. “We have found that most organizations spend multiples more premium for fire insurance, for example, than for cyberinsurance, even though they state in their publicly disclosed documents that a majority of the organization’s value is attributed to intangible assets.”

Aon’s 2017 Global Risk Management Survey also found that cyber risk is a top concern for most businesses in the U.S. and globally. As a result, many companies are implementing formal assessments to identify and measure their cyber risk. While this risk is being recognized as a significant threat, it is often not properly managed on a relative basis compared to other growing assets and risk. This is having an impact on many companies’ bottom lines.

Additional Findings

  • 63% of companies that experienced a data breach in the last two years are now more concerned than before about their cyberliability.
  • 82% of companies have access to cybersecurity forensic experts in the event of a data breach.
  • 36% of respondents say their organizations do not have to disclose a material loss that is not covered by insurance in their financial statements, but if they do, 41% of respondents say they would include it in a footnote of a financial report.
  • 71% of survey respondents are either somewhat or not at all aware of the economic and legal consequences of upcoming regulations, such as the European Union General Data Protection Regulation (GDPR).

About Aon

Aon plc (NYSE:AON) is a leading global provider of risk management, insurance brokerage and reinsurance brokerage, and human resources solutions. Aon unites to empower results for clients in over 120 countries via innovative risk and people solutions. For further information on our capabilities and to learn how we empower results for clients, please visit: http://aon.mediaroom.com.