Organizations place great stock, fewer dollars on cybersecurity

Register now

Nearly four times more budget is being spent on property related risks compared with cyber security risk, according to Larry Ponemon.

The 2017 Cyber Risk Transfer Comparison Global Report, sponsored by insurer Aon, found that organizations now think their information assets are more valuable than plant, property and equipment assets, even though they are spending much more on insurance protecting the latter risks.

For the report, Ponemon surveyed 2,168 individuals in North America, Europe, the Middle East, Africa, Asia Pacific, Japan and Latin America who are involved in their company’s cyber risk management as well as enterprise risk management activities.

The study “found a serious disconnect in risk management," said Larry Ponemon, chairman and founder of the Ponemon Institute.

"What's interesting is that the majority of companies cover plant, property and equipment losses, insuring an average of 59 percent and self-insuring 28 percent. Cyber is almost the opposite, as companies are insuring an average of 15 percent and self-insuring 59 percent," Ponemon said.

While the majority of surveyed respondents find that cyber insurance is inadequate to meet the needs of their organization, too expensive and has too many exclusions, 46 percent reported a data breach in the last two years, with the average financial impact costing $3.6 million.

Based on data breaches and security exploits experienced by the surveyed organizations, the greatest threats are business process failures that caused disruption to business operations as well as cyber attacks that caused disruption to business and IT operations. Looking ahead, 65% of organizations expect their cyber risk exposure to increase in the next two years.

For reprint and licensing requests for this article, click here.