Despite the growing adoption of cyber insurance across large enterprises, a striking gap remains in executive and boardroom engagement with these crucial policies. According to the 2024 Cyber Insurance Report by QBE North America and Zywave, only 38% of companies frequently discuss cyber insurance at the C-suite level, and fewer than 20% of boards are extremely familiar with their company’s cyber insurance policies. This lack of involvement in the cyber insurance market suggests that many businesses are missing valuable opportunities to integrate cyber insurance more fully into their broader risk management strategies, potentially leaving them vulnerable to evolving threats.
Our further analysis of the QBE and Zywave report follows; you can read the whole report here.
Key Findings: A Shift in the Cyber Insurance Landscape
The survey, which included 156 risk professionals and insurance buyers from predominantly large organizations, reveals how cyber insurance has evolved from a niche product to a critical element of business risk management. More than 80% of respondents now carry some form of cyber insurance, reflecting a significant shift in the cyber insurance market as businesses face increasing exposure to cyber threats. However, while policy adoption is high, the report points to several gaps in how these policies are utilized and communicated across different levels of the organization.
High Incidence of Cyber Events, Low Claim Filing Rates
The report also highlights the alarming frequency of cyber incidents in the cyber insurance market. Over 60% of respondents reported experiencing a cyber event, yet only 36% had filed a claim under their cyber insurance policy. This discrepancy may be due to the fact that some companies did not have coverage in place at the time of the event or because the costs associated with the incident were lower than the policy’s deductible.
This low claim filing rate despite the high frequency of cyberattacks underscores a potential disconnect between companies’ risk exposure and their understanding of how to leverage their cyber insurance. It also highlights a missed opportunity for organizations to maximize the value of their coverage during such incidents.
Underutilization of Value-Added Services
A particularly revealing finding in the report is the underutilization of value-added services included in cyber insurance policies. While 50% of respondents were aware of additional services, such as threat intelligence, security assessments, and network scanning, only 40% actively engaged with these offerings. Bundled with cyber policies at no extra cost, these services can significantly improve an organization’s cyber resilience by helping prevent and mitigate cyber risks.
This underutilization points to a broader issue of communication between insurers and their clients. The report suggests that many businesses may not fully understand the benefits available through their policies, missing out on resources that could enhance their ability to manage and reduce cyber risks.
Cost Concerns and Challenges Beyond Insurance
The survey revealed that respondents view the cost of cybersecurity tools, services, and the availability of qualified IT staff as more pressing challenges for managing cyber risks than the price of cyber insurance itself. In fact, the cost of cyber insurance ranked fourth on the list of challenges. This shift indicates that while businesses recognize the need for cyber insurance, they are more concerned with the broader operational costs of maintaining cybersecurity.
With cyber incidents on the rise and businesses feeling the strain of managing cybersecurity expenses, the report highlights a crucial opportunity for insurers and brokers to emphasize the value of the risk management services included in their policies. Workshops, cybersecurity assessments, and ongoing education could help alleviate some of the financial and operational burdens companies face while enhancing their overall security posture.
Lack of Engagement from C-Suite and Boards of Directors
As noted in the first paragraph, perhaps the most significant finding in the report is the lack of engagement from senior leadership and boards of directors when it comes to the cyber insurance market. Fewer than 40% of CISOs actively participate in cyber insurance purchasing decisions, despite their responsibility for overseeing cybersecurity efforts. This gap between cybersecurity leadership and the decision-makers responsible for risk management creates a vulnerability in how organizations approach cyber risk transfer and mitigation.
Additionally, only a small percentage of board members are familiar with their company’s cyber insurance policies, with less than 20% being “extremely familiar.” Given the increasing role that boards play in overseeing cybersecurity, this lack of awareness could hinder an organization’s ability to fully leverage their cyber insurance policies, leaving critical risks unaddressed.
Engaging the board and C-suite in cyber insurance discussions could lead to more informed decision-making and a more comprehensive approach to risk management. Insurers and brokers have a clear opportunity to foster these conversations and provide education on how cyber insurance can complement broader cybersecurity strategies.
Positive Experiences with Claims, but Room for Improvement
For those who did file claims, the feedback on the claims process was largely positive. Nearly half of the respondents described their experience with insurers as efficient and supportive, with most insurers meeting their needs during challenging times. However, some businesses reported frustrations with the length of the claims resolution process and a lack of clear communication from their insurers, indicating room for improvement in the customer experience.
The Road Ahead for Cyber Insurance
The 2024 Cyber Insurance Report paints a mixed picture of the cyber insurance landscape. On the one hand, adoption rates are high, and businesses increasingly recognize the importance of cyber insurance as a core component of their risk management strategies. On the other hand, significant gaps remain in how these policies are utilized, particularly regarding value-added services and executive-level engagement.
The report underscores the need for more effective communication and education for insurers and brokers. By helping businesses fully understand the breadth of services available through their policies, insurers can improve their clients’ cyber resilience and strengthen their position in an increasingly competitive market. Engaging with CISOs, boards of directors, and other key decision-makers is crucial to ensuring that cyber insurance becomes not just a reactive tool for responding to incidents but a proactive element of a comprehensive risk management strategy.
Other News: One in Five Businesses Hit by Cyberattacks, Lacking Preparedness(Opens in a new browser tab).
Other News: Casio says ‘no prospect of recovery yet’ after ransomware attack .