Last year, Aon Inpoint reported about 80 percent of buyers of stand-alone cyber premiums were medium-sized to large companies. However, smaller firms are increasingly assessing their cyber exposure risk as concerns about the potential impact of a cyber incident continue to rise.
“The majority of breaches worldwide occur at companies with 1,000 employees or less because they’re low-hanging fruit for hackers,” explained Ed McGuire, director of specialty insurance at FBinsure. “These companies have minimal IT staff and moderate budgets.”
Prior to this month’s long-anticipated GDPR laws going into effect, the healthcare, financial, and retail industries have been the most frequent targets for highly publicized cyber attacks. Nearly a third of global breaches occur in the healthcare field because patient data is so valuable, and fines for failing to disclose a known breach can climb well into the millions.
[ Beware the 12 'best practices' IT should avoid at all costs. | Get the latest insights by signing up for our CIO daily newsletter. ]
Aon Inpoint estimates that non-PII industry segments such as manufacturing and energy will see some growth in cyber premium purchases as they begin to better understand their exposure to a cyber event and the impact it could have on operations.