A new risk survey by Towers Watson, the US professional services firm, reports that 27% of companies buy insurance to cover the risk of cyber attacks. Reading between the lines, the impression is that most firms felt the cost of premiums too high relative to the degree of risk being transferred. That said, many companies without network liability insurance justified their decision by emphasizing alternative kinds of risk mitigation, such as the capability within their IT function.
Details are scant, but it is assumed that most survey respondents were from US companies. Survey answers were received from 164 individuals, mostly in the health and manufacturing sectors; 3 were reportedly from the communications sector. Though the language used by Towers Watson is unnecessarily alarmist, and they failed to show a link between the data and some of their conclusions, there are some interesting results in the details. For example, 54% of firms claim to have an ERM process in place – I was surprised that this was so high. Follow these links for the press release, summary, and report.