A new study shows that an overwhelming majority of data breaches fall short of cyber insurance policy deductibles. The study, conducted by insurance information and analytics company Advisen and commissioned by data breach response company ID Experts, found that most data breaches are relatively small, resulting in less than 500 records lost. In fact, the median data breach on results in about 100 compromised records, the report claims. On the other hand, most cyber insurance policies are only designed to cover large scale cyber-attacks and data breaches – 90% of survey respondents noted deductibles greater than $10,000 and 48% with deductibles exceeding $101,000. This leaves most companies with a coverage gap as 70% of respondents reported using internal resources to manage smaller breaches.
John Pescatore, director of emerging security trends at SNAS, notes that there are many misconceptions around cyber insurance, meaning that they are not for everyday occurrences, or everyday breaches for that matter. “Take auto insurance, for example: your insurance provider isn’t going to pay to fix your flat tire, nor is cyber insurance going to cover small breaches,” he says. This goes to say that companies should remain focused on good cybersecurity practices before solely relying on cyber insurance to clean up the mess. Additionally, if a breach occurs that is in the “coverage gap,” it is important that they have set up a contingency to cover these uninsured losses.