Back To The Blog

Understanding New Findings from the Ponemon Institute

Uncategorized / November 05 , 2013

A Q&A with Ozzie Fonseca of Experian® Data Breach Resolution
Organizations are increasingly addressing cyber risk, and Ponemon Institute’s new study titled “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age” explores the current attitudes business leaders have toward managing security threats and the steps they are taking to minimize them. I spoke with Ozzie Fonseca, senior director, Experian Data Breach Resolution, about what the survey uncovered.

What were some of the most surprising findings of the Ponemon survey?
To me, the most surprising finding was the fact that most companies are now viewing cyber risk as an equal or greater threat than natural disasters, business interruption and fires. For the longest time, cyber insurance was around but it was not accepted as a need. Recently, over the last couple of years, that has really changed. While the study itself doesn’t go into the reasons why, I think we can assume this is happening because companies are:

  1. Witnessing the very pervasive nature of data breaches—they are happening all of the time.
  2. Realizing the significant financial burden that these incidents pose on an organization.
  3. Understanding that they have to be ready and arm themselves with all of the tools out there and cyber insurance policies are an important tool.

What do companies most need to know about cyber risk insurance policies? What is the current perception out there?
I think it’s important for an organization to make sure that they thoroughly read and understand what’s covered and what’s not and how their policy works. In our study we found that 70 percent of companies that have been affected by data breaches are now looking to get a policy. For these organizations, the costs are no longer hypotheticals—there are real numbers at play. And 62 percent of companies we spoke to feel that cyber insurance premiums are quite reasonable. A few are still skeptical as to whether these policies are useful or not but of the people surveyed 70 percent either have or are actively looking for insurance while only 30 percent have no interest in purchasing a policy at this time. Several years ago it was the other way around, so that’s a big difference.

The study shows that 62 percent of companies felt their security “posture” improved when they purchased insurance. What are the reasons for this?
In a nutshell, insured companies are more confident and prepared to deal with the threat of cyber breaches. When you have a policy the insurer will ask you tough questions you’ve never asked yourself and in answering them you will learn much more about the risks out there and how to mitigate them. Moreover, often the insurer will ask the client to undergo a NetDiligence® cyber risk assessment to reaffirm reasonable safeguard practices and suggest improvements for any weak spots. You will also grasp the policies and services that need to be in place, such as notification support and credit monitoring.

What are the ramifications of this study, for companies and for insurers?
For everyone, the main takeaway is that having a policy will better prepare you to deal with a data breach. At the same time, cyber risk insurance is getting to the point of mass adoption so insurers can spend less time educating the market about cyber insurance—they can concentrate on fielding requests because they will continue to see growth in this area in the future.

In summary…
This research reinforces a positive trend, that risk managers are becoming more knowledgeable about their cyber risk (including their significant legal liabilities should they suffer a breach caused by anemic security practices), and the many cyber liability insurance solutions available to help them cede this risk exposure. Our own NetDiligence 2013 Cyber Liability & Data Breach Insurance Claims study (click here to download or see the eRisk Hub) shows that even a modest data breach in a small organization can still result in sizeable dollar amounts being paid out to remediate and respond to the event. As such, cyber breach insurance coverage is no longer a luxury.

Related Blog Posts

10 Cybersecurity Tools Every Small-Medium Business Should Have in Their Arsenal

What You Need to Protect Your Data

SMBs have unique cybersecurity risks that should be managed with appropriate tools. Here are the top tools and some mistakes to avoid when implementing them.

Continue Reading

8 Things Every Business Should Know About Cybersecurity

Top Tools and Tips for Cyber Risk Management

Cyber risk is always evolving but every business needs to understand the fundamental threats they face as well as the key tools for risk assessment and mitigation that can help them improve their cybersecurity posture.

Continue Reading

From Afghanistan to Ransomware

A Q&A with Melissa Ventrone of Clark HIll

As an attorney in the cybersecurity and privacy space, Melissa Ventrone draws on her military background to keep clients calm, manage complex logistics, and help them mount a successful incident response.

Continue Reading
Visit Our Blog

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download
Solutions
About
Contact

P.O. Box 204
Gladwyne, PA 19035
610.896.9715

© 2024 NetDiligence All Rights Reserved.