Study finds nearly half of 100 U.S. corporations surveyed have already filed an insurance claim as a result of a data breach

By Canadian Underwriter | November 5, 2015 | Last updated on October 30, 2024
3 min read

A recent Wells Fargo study of 100 middle market companies and large corporations in the United States has found that 85% of respondents have purchased cybersecurity and data privacy insurance coverage to protect against financial loss, while nearly half (44%) have already filed an insurance claim as a result of a breach.

The biggest challenges for those with cyber and data privacy insurance when purchasing the coverage was finding a policy to adequately fit their company’s needs (47%) or the cost (42%)

For almost half of the companies that have cyber and data privacy insurance, the biggest challenges they faced when purchasing the coverage was finding a policy to adequately fit their company’s needs (47%) or the cost (42%).

Examining middle market companies and large corporations with US$100 million or more in annual revenue, the Cyber and Data Privacy Insurance Study looked at companies from a variety of industries ranging from manufacturing to educational services. It measured the companies’ current levels of readiness to respond to a cybersecurity or data privacy incident, perceptions of their own security and network vulnerabilities, and challenges faced when purchasing coverage.

While more companies are purchasing cybersecurity and data privacy insurance, some gaps still remain in incident response plans, making those companies vulnerable to the financial consequences of a data privacy incident, according to the study, commissioned by Wells Fargo Insurance’s Technology, Privacy and Network Risk Practice (TPN), part of Wells Fargo & Co.

“While companies recognize the need for cyber security and data privacy insurance, purchasing coverage is not a complete solution,” said Dena Cusick, national practice leader with Wells Fargo Insurance’s Technology, Privacy and Network Risk National Practice, in a statement on Thursday. “It’s also important to recognize that other factors, including testing incident response plans, employee awareness training and following established privacy policies, are all critical components of an overall risk management program.” 

In the study, the most common reasons given for purchasing specialized coverage were to protect the business against financial loss (78%), protect shareholders (64%) and help prepare for data privacy events (61%). Of those that filed an insurance claim, 96% reported they were satisfied with their coverage, how the claim was handled, and that their policy had enough coverage for expenses and damages, Wells Fargo reported. [click image below to enlarge]

The number one reason why companies report purchasing cyber and data privacy insurance is to protect their business against financial loss

Despite the fact that many of these companies have purchased coverage, the study identified the following key gaps in their cyber security programs:

• Companies are not testing their plans – Despite that most companies surveyed have an incident response plan, one in five have not tested their plan. One in 10 companies that had to implement their plan did so without testing it beforehand, with three in four (74%) saying they needed to revise their plan following the incident;

• Leaked data is the top cyber security and data privacy concern, yet one in 10 companies does not have an existing incident response plan – 35% of companies are concerned about private data leaks, while 25% are concerned about hackers. Of those companies that have a plan, (85%) developed it with the help of a third-party vendor; and

• Some companies still need to develop and train their employees on data protection and cyber security threats and develop a corporate privacy policy – The study found that 27% of the companies do not have an employee awareness training program for cybersecurity and data privacy; this increases to more than 30% for companies with fewer than 2,000 employees. Of those companies that do have training programs, such as annual certification, affirmative acknowledgement and repercussions for failure to comply, 93% require training for all employees. Additionally, 12% of companies do not have a corporate privacy policy, but of those that do have one, the majority (90%) say they are in compliance with the policy.

Wells Fargo’s Technology, Privacy and Network Risk National Practice helps customers with professional liability, technology errors and omissions, media liability, network security and privacy related lines of coverage. Brokers from the practice provide consultative services, market negotiations, policy analysis and placement, policy administration, claims advocacy services and assist with loss control initiatives.

Wells Fargo Insurance provides solutions for a wide range of customers, including retail consumers, high net worth individuals, small businesses, as well as middle market and large corporate customers. Wells Fargo Insurance writes or places approximately US $11 billion of risk premiums annually in property, casualty, benefits, international, personal lines and life products and also includes agricultural insurance provider Rural Community Insurance Services.

Canadian Underwriter