Many businesses purchase insurance policies hoping they never have to use them. Unfortunately, that hasn’t been the case with cybersecurity insurance.
A recent Wells Fargo survey of 100 U.S. middle-market and large companies found that 85 percent say they have purchased cyber and data privacy insurance, while 44 percent have already filed a claim as a result of a breach.
The report didn’t look into the total cost of the claims but a recent study by NetDiligence pegged the average claim for a large company at $4.8 million.
And how much do companies pay for cyber insurance? The cost of a policy depends on a variety of factors including the type of business, volume of records (personally identifiable information, protected health information, credit card data) and the organization’s security controls.
“Network security and privacy liability (aka ‘cyber’) is one of the most subjective lines of insurance, meaning that the underwriter has significant flexibility when pricing the risk,” Dena Cusick, national practice leader with Wells Fargo Insurance’s Technology, Privacy and Network Risk National Practice, told NBC News by email. “The premium can be as low as $750 for a small, well-managed organization and well into the seven figures for large organizations with significant volumes of data.”
With corporate data breaches popping up in the news seemingly nonstop, the report said most large businesses now believe cyber risks are greater than other insurable business risks such as natural disasters and fires. Yet, it found that many businesses that purchase cyber insurance aren’t testing their plans, don’t have incident response guidelines and haven’t adequately trained their employees about cybersecurity and data privacy.