Firms shun cyber threat insurance

policies against cyber crime threats on their IT networks, and are relying instead on developing in-house capabilities, reports UPI.com.

A Towers Watson survey compiled by research from 164 risk managers, found that despite increasing cyber threats, most companies (73%) aren't buying network liability policies as widely expected by the insurance industry.

Professional service provider, Towers Watson explains the companies' decision to opt for internal preventive measures against cyber threats, could be due to “a false sense of security and an over reliance on their own IT organisation.”

Both software developers and insurance companies have been pushing corporate sector customers to buy new technologies and new insurance arrangements to guard against loss from cyber crime.

However, more companies are cutting back on insurance and building their own capability to deal with network threats, and arguing they need to remain up-to-date with the means of dealing with threats.

According to Insurance Networking News, around 46% of companies do not have enterprise risk management programmes and are missing significant opportunities to improve upon them.

Further, the study finds that of those not having network liability policies in place, 37% say their own internal IT departments and controls are adequate, while 15% claim the cost of a risk transfer solution is prohibitive, or that they aren't overly concerned about the risk.

“We're seeing a lot of companies in the market right now that have a false sense of security and an over-reliance on their own IT organisation,” says Larry Racioppo of the executive liability group in Towers Watson's Brokerage business.

He adds: “Risk managers need to take a broader look at how they can manage the risks associated with cyber attacks from a corporate, financial and reputation standpoint.”

Of the companies that currently do not utilise enterprise risk management (ERM), 42% claim there has been no articulation of the value of implementing ERM. Around 29% say that ERM was too resource-intense and expensive to pursue, according to Business Wire.

“Not a significant amount has changed with regard to implementation, although a growing number of risk managers are identifying and quantifying key risks that could dramatically impact their organisations,” says Barry Franklin, Towers Watson director for corporate risk management.