CFOs: Cyber insurance may create a false sense of security. Here's why.
In a study of more than 105 CFOs and other senior financial executives from companies with worldwide revenue of US$1 billion or higher, commissioned by commercial property insurer FM Global, 45% said they expected their insurer would cover “most” related losses from a cyber security event, and 26% said they expected their carrier would cover “all” related losses.
However, most of the effects these financial executives expect to experience in a substantial cyber security event aren’t typically covered by insurance policies, according to FM Global.
These effects include:
- degradation of the company’s brand/reputation (46% said this was a likely effect of a cyber security event)
- increased scrutiny from the investment community (40%)
- decline in revenue/earnings (38%)
- introduction of regulatory compliance problems (35%)
- decline in market share (24%)
- decline in share price (24%)
Although insurance would be expected to cover lost revenue during the span of a disruption, lost revenue related to lost growth, market share and brand equity after resumption of operations would not normally be covered, FM Global said.
There will also be new costs to mitigate the loss, cited by 53% of senior financial executives in the survey.
Many new costs—including expenses related to restoring data or equipment—would be covered by first-party cyber insurance or property insurance, according to FM Global.
Litigation and customer notification costs would be covered by third-party insurance, the firm added.
But the rest of the listed costs in the study would likely have to be absorbed by the impacted company, the insurer said.
In addition, more than half said financial recovery from a substantial cyber security event would take months to years.