Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

IT departments still dominate cyber risk management

Reprints

While a majority of firms are purchasing cyber insurance, risk management departments run a distant second behind information technology departments in being primarily responsible for spearheading companies’ information security risk management efforts, says a survey of risk managers by Zurich Insurance Group Ltd. and Advisen Ltd. released Tuesday.

This year’s fifth annual Information Security and Cyber Liability Risk Management report is based on a survey of 488 risk managers, insurance buyers and other risk professionals.

According to the report, 61% of respondents said they purchased cyber insurance last year; of these, 73% purchased it on a stand-alone basis, 12% purchased it by endorsement, and 14% purchased both. A total of 30% said they have increased the amount of coverage, 36% said they are considering doing so, and 34% said “no” to both.

Of those who do not purchase cyber insurance, the most common response, at 20%, was, “My superiors do not see the need.”

A total of 68% of respondents said the IT department was primarily responsible for spearheading the information security risk management effort, which compared with 69% in the 2014 survey, and 78% in the 2013 survey. Risk management and insurance came in at 12%, compared with 11% in 2014. Others cited as primarily responsible included chief privacy officer, general counsel’s office, treasury or chief executive officer’s office, internal audit and human resources.

Among other survey results, 72% of respondents said they have a data breach response plan in place in the event of a data breach. A total of 43% said they have exposure to the Internet of Things, 13% said they did not, and 44% said they did not know.