Insurance Journal recently reported on a survey by Towers Watson indicating that the majority of companies do not buy cyber insurance. The report, 2012 Risk and Finance Manager Survey, shows over 7o percent of those surveyed are not buying network security /privacy liability policies. According to the survey, this number has not changed significantly from the previous year and when coverage is purchased, lower limits are procured, with about 40% of the buyers opting for limits of 1 to 5 million.
The reason for not buying? Either the company’s own IT procedures were viewed as addressing the exposure or no viable exposure was believed to exist. Of those that did purchase the coverage, the survey describes the primary purchasing driver as “expertise” as opposed to cost of the coverage.
The article goes on to include some examples of exclusions cyber insurance policies may contain including exclusions for unencrypted laptops or failure to install software updates. For additional exclusion examples, see our previous entry on privacy/security coverage concerns . Also note our previous entry on the rising cost of cyber crime.