The incoming EU General Data Protection Regulation (GDPR) has made cyber risks a priority for the boards of organisations doing business in Europe. In a survey conducted by Marsh of 1,300 senior executives, around 65% of respondents said they now consider cyber risks to be a key concern. This is compared to only one-third, in a similar survey Marsh conducted, last year.

Despite the growing awareness of the threat posed by cyber attacks, a separate study conducted by Aon alongside the Ponemon Institute found that organisations currently underinsure cyber risks. The study found that the average potential losses to information assets caused by cyber attacks ($979 million) are greater than losses to physical assets caused by property, plant and equipment related risks ($770 million). The study found that on average only 15% of an organisation’s potential losses are covered by cyber risk insurance.  

With fines for failures to protect personal data being substantially increased under the GDPR, the study by Marsh found that the majority of senior executives, whether in firms with a plan for readiness with the GDPR or not, intend to increase spending on cyber risks in the next year.

The insurance market may therefore expect an increase in organisations looking for cyber risk insurance. The challenge for insurers will be in addressing the concerns of organisations such as those identified in the report by Aon, namely, coverage being inadequate, premiums being too expensive and there being too many exclusions and/or restrictions.

Click here to read the report by Aon and the Ponemon Institute in full.

Click here to read the survey conducted by Marsh in full.