Skip to Main Content

Raising Awareness about Cyber Risk

To develop a new product, the first step to success is always the same: Understand the customer’s need. But the need is not the product you’re selling. It’s the problem your product is trying to solve.

I mention this because the cyber insurance survey results we released last week found that most companies today don’t see their lack of cyber coverage as a problem. The survey, conducted by Hanover Research and sponsored by ISO, found that 40 percent of cyber insurance carriers say the biggest challenge in selling cyber insurance is that companies don’t think they need cyber coverage and 29 percent believe they’re already covered under existing policies. Only 12 percent indicated the biggest challenge is that premiums are too high.

For the cyber insurance industry, the message is clear: We need to continue to educate business leaders about the exposures and costs they potentially face should they suffer a cyber attack. That’s one reason why I’ve been blogging, writing articles, attending conferences, and reading about cyber security news regularly. I need to understand and raise awareness about the rapidly changing and dangerous world of cyber risk.

With the goal of education in mind, here are some additional findings from the survey about carriers that offer cyber insurance:

  • No dedicated staff: 51 percent have no dedicated cyber insurance underwriters and rely on staff from other lines to sell cyber policies.
  • Optional endorsements popular: 92 percent offer optional cyber endorsements to existing insurance policies.
  • Risk profile and approach most important in underwriting: Almost half consider the nature of the company’s data and its enterprise risk management philosophy to be more important when underwriting cyber risk than whether a company employs security tests and audits, firewalls, and encryption.
  • Cyber extortion coverage less common: Only 18 percent offer coverage for cyber extortion, while 79 percent offer coverage for data breach expenses.
  • Hospitals considered less hazardous to insure: More than 70 percent say credit card payment processors, banks and financial services, and national retail chains are the most hazardous risks to insure. Only 14 percent say hospitals and healthcare systems are the most hazardous.

If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website,, or e-mail me at You can also follow me on Twitter @doughertyshawn.

Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.

You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.