Insurance Rarely Covers All Losses From Cyber Attack

Aug. 6, 2019
Cyber insurance may create false sense of security among senior financial executives at world’s top companies, suggests FM Global survey.

Seven in 10 senior financial executives at the world’s largest companies believe their insurer would cover most or all of the losses their company would incur in a cyber attack. Many of the losses they foresee, however, are rarely covered by insurance.

In a study of more than 100 chief financial officers (CFOs) and other senior financial executives, commissioned by FM Global, one of the world’s largest commercial property insurers, 45% say they expect their insurer will cover “most” related losses from a cybersecurity event, and 26% say they expect their carrier will cover “all” related losses. But most of the effects these financial executives expect to experience in a substantial cybersecurity event aren’t typically covered by insurance policies, according to FM Global. These effects include:

  • Degradation of the company’s brand/reputation (46% percent say this was a likely effect of a cybersecurity event)
  • Increased scrutiny from the investment community (40%)
  • Decline in revenue/earnings (38%)
  • Introduction of regulatory compliance problems (35%)
  • Decline in market share (24%)
  • Decline in share price (24%)

There was one more choice: “New costs to mitigate the loss,” cited by 53% of senior financial executives. Indeed, many new costs—including expenses related to restoring data or equipment—would be covered by first-party cyber insurance or property insurance, according to FM Global. Litigation and customer notification costs would be covered by third-party insurance. But the rest of the listed costs in the study would likely have to be absorbed by the victimized company. Moreover, more than half said financial recovery from a substantial cybersecurity event would take months to years.

“As essential as cyber insurance is, the findings indicate financial executives may be deriving a false sense of security from it,” says Kevin Ingram, executive vice president and chief financial officer at FM Global. “While insurance is an essential part of the risk management formula, there are losses related to a cyber attack that insurance cannot cover—like damage to a company’s reputation, lost market share, missed growth opportunities, decreased valuation and losses stemming from increased cost of capital.”

For more information, visit: www.fmglobal.com

Sponsored Recommendations

Keys to Improving Safety in Chemical Processes (PDF)

Many facilities handle dangerous processes and products on a daily basis. Keeping everything under control demands well-trained people working with the best equipment.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Rosemount™ 625IR Fixed Gas Detector (Video)

See how Rosemount™ 625IR Fixed Gas Detector helps keep workers safe with ultra-fast response times to detect hydrocarbon gases before they can create dangerous situations.

Micro Motion 4700 Coriolis Configurable Inputs and Outputs Transmitter

The Micro Motion 4700 Coriolis Transmitter offers a compact C1D1 (Zone 1) housing. Bluetooth and Smart Meter Verification are available.