United States

Cyber insurance: A smart choice for business

RSM US MMBI Cybersecurity Special Report 2018


When evaluating cyberrisks, middle market companies face various decisions on how to handle risks that correspond to their risk appetites. Cyber liability insurance (CLI) enables organizations to transfer some portion of their cyberrisks, and when coupled with a comprehensive security program, CLI can be very effective. Cyber insurance is often a smart investment to not only protect servers and technology systems, but also to limit risks to a company’s sensitive data, finances and reputation.

General liability policies typically exclude cyber insurance coverage. With hacking and data leakage threats looming large to middle market companies, cyber insurance policies bridge the gap to provide liability coverage for data breaches and losses to sensitive customer and company data.

RSM's research found that 52 percent of middle market businesses carry a cyber insurance policy to protect themselves against internet-based risks. Larger organizations3 tend to invest in policies (58 percent) slightly more than smaller companies (49 percent).

Like general liability insurance, cyber insurance policies can differ, with varying levels of features and protection. Policies can include system repair and data recovery following a breach, as well as the often costly process of notifying customers that their information was exposed—a regulatory requirement in many states and industries.

However, among middle market executives whose companies have cyber insurance policies, many do not understand their level of coverage. RSM's research found that 53 percent indicate familiarity with coverage, while the remaining 47 percent is only somewhat familiar or not at all familiar.

“Our digital forensic teams handle hundreds of client breaches a year, so we have a front-row view of the value of cyber insurance,” said Geopfert. “For many clients, insurance has been the only reason they are still in business. It is steadily becoming more common to encounter events that are an order of magnitude more expensive, and the rise in fines and class-action lawsuits suggests this trend will continue.”

Executives who claim to understand the details of their cyber insurance policies demonstrated the depth of cyber insurance coverage. Frequently cited risks or exposures covered by cyber insurance policies include hacking (82 percent), theft (80 percent), data destruction (77 percent), business interruption (72 percent), extortion (71 percent) and post-incident investigative expenses (68  percent).

Even a relatively minor data breach can have a significant effect on a middle market organization. Having adequate cyber insurance coverage can help offset the financial, reputational and operational implications of an incident. Amid an environment of evolving threats, leveraging cyber insurance is becoming a smart business strategy, providing peace of mind for the company that breaches will be addressed, and for consumers that their data will be protected.

Download the full report»

3   Larger middle market companies have annual revenues of $50 million to $1 billion and smaller companies have annual revenues of $10 million to $50 million.

How can we help you?

Learn more about our security, privacy and risk services.  Or get in touch with our risk advisory professionals.