There is a “disproportionately high” mismatch between cyber risk awareness and implementation of protection measures given the increasing frequency and severity of attacks, Munich Re has said.
The warning comes in a report alongside findings from the company's Cyber Risk and Insurance Survey 2022, which included more than 7,000 participants from 14 countries across all industries and company sizes.
Although cyber risk awareness among managers has risen by nearly 10% since last year, 83% of surveyed representatives said that their own company is still not adequately protected against digital threats.
This is despite 38% of C-level respondents admitting that they are “extremely concerned” about a potential attack, up from 30% last year, with 71% of companies surveyed having now been affected by ransomware or a data breach, up from 53%.
On a more positive note, 43% of executives said that they had been offered cyber insurance, up from 34% in 2021, and 35% are now considering coverage for their company.
“Supply and demand for cyber insurance have increased slightly, but most respondents are still not adequately protected or even prepared,” the report states.
“In view of the market situation, the requirements on the part of insurers to provide access to products and solutions and to ensure sustainability for this line of business are also increasing.
“The potential for cyber insurers is high, but resilience and readiness are a prerequisite for tapping into this potential.”
Munich Re estimates that the global value of cyber premiums was $9.2bn (£7.4bn) at the start of this year, and expects this to reach approximately $22bn by 2025.
Its survey found that a lack of human resources and skilled personnel, poor integration and interoperability of security solutions, and insufficient collaboration between individual departments, are among the main challenges for companies looking to improve cyber security.
A lack of historical data and non-existent or inconsistent legal obligations related to reporting ransomware or cyber business interruption events are also making it difficult for insurers when pricing cyber risks.
“However, the insurance industry finds itself able to collect and analyse more and more information from covered losses,” the report adds. “Insurers and Munich Re are in a uniquely privileged position to collect proprietary information from risk owners.
“Cyber insurance, together with other stakeholders, can leverage this data to reshape cyber risk assessment and better explain the modelling of cyber risks to its insured.”
Image credit: iStock
Author: Chris Seekings