Chubb Survey discovers U.S. public companies’ number one fear

Published: January 15, 2013 by ofonseca

In 2012, FBI Director Robert Mueller stated, “There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.”  Given this warning, companies who are serious about protecting themselves from cyber thieves need to have a comprehensive protection plan, one that includes cyber liability insurance, in order to be a company that survives a hack.

When asked by The Chubb 2012 Public Company Risk Survey what worried them the most about doing business in today’s current marketplace, decision makers at U.S. public companies named their number one fear to be cyber security threats.  Chubb commissioned public opinion and market research firm Pollara to telephone survey management liability insurance decision makers at U.S. publicly traded corporations to discover their biggest corporate concerns, risks and risk-mitigation strategies.  Even though 63% of public companies surveyed said data breaches were their biggest concern, 65% of the respondents also said they did not have cyber liability insurance.  And although 71 percent of the survey participants said they had a data security breach and response plan, 57% of the ones who had a plan also did not have cyber insurance.  Therefore, it would seem some of the biggest U.S. public companies are definitely concerned about data breaches, but they’re not prepared to appropriately cover the risk. 

This is particularly disconcerting when you consider the cost of a data breach.  In 2011, a typical data breach averaged a total of 28,349 breached records at $194 per record (including call centers, forensics and other expenses) equaling around $5.5 million in total organizational costs.  And public opinion seems to agree with the figures.  In a 2011 Opinion Research Corporation study performed for Chubb, 33% of Americans surveyed don’t think companies do enough to protect them from identity theft.

In response to this growing concern from the public and businesses, 46 states have enacted some type of data security breach notification legislation.  Still, according to the Computer Security Institute, 2 in 5 companies had a significant data breach issue within a 12-month period and 24% of the survey participants said they expect that their company will experience some kind of breach of data in the coming year.   The good news is that half of companies (52%) surveyed are budgeting for additional resources toward mitigating cyber threats, more than any other category of business risk. Of the companies that don’t have an e-security incident response plan, half of them are planning to develop one in the next 12 months.  Yet the one constant that remains is that cyber insurance purchases still fall short despite the corporate recognition of need for data protection and security.