Smaller companies need not bother with cyber insurance, a new research by Southern California non-profit think tank RAND has suggested.
Sasha Romanosky, analyst at RAND, shared his views on the matter: "If I was a large business then I probably would want to buy cyberinsurance. For most companies it probably isn't all that necessary," TechRepublic
Romanosky cited figures from his August 2016 report, saying that of the $200 billion insurance industry, 1 to 1.5 per cent, or over 70 companies, offer cyber insurance. Rand itself owns cyber insurance to protect its firm of 1,800 employees from hackers.
Romanosky noted a dangerous side effect to purchasing cyber insurance: "There's this moral hazard issue. Once you're insured you might stop taking the precautions, because why should you?”
Romanosky explained why companies should think twice about purchasing cyber insurance: "[W]e estimate the total costs from cyber events at approximately $8.5 billion annually. We find that the typical cost of a data breach is less than $200,000, far lower than the millions of dollars often cited in surveys.” That's far less than fraud involving billing, corruption, financial misstatements, and retail shrinkage, the study showed.
Romanosky also stated his views regarding whether a cyber cover helps reinforce data safety: "Nobody really knows except for insurance companies and they are the only ones who have the data." He said the insurance industry doesn’t seem to pursue this vein of research, due perhaps to a lack of effort or interest or a variety of what he called ‘goofy institutional excuses,’ TechRepublic
Big business worried more about data loss than hackers – survey
Zurich: SMEs increasingly worried by cyber risk
‘Every large firm to have cyber cover in three years,’ says Marsh leader