(Adds background, comment from broker, other information, in the
ninth through 12th paragraphs.)
--More concern on cyberattacks, data breaches than property
damage, investment risk - survey
--AIG survey shows growing concern about cyber-risks
--Insurance coverage for cyber-risks had been 'a really tough
sell' until recently, broker says
By Erik Holm
More corporate executives are concerned about cyberattacks and
data breaches than property damage and investment risk, according
to a survey commissioned by insurer American International Group
Inc. (AIG).
The poll found 85% of the survey participants--a group that
included risk managers and senior executives in the U.S. and
Canada--were very or somewhat concerned with cyber risks. That
compared with 80% who were concerned with property damage and 76%
concerned about securities and investment risks.
Insurance companies and brokers have been trying to sell add-ons
to standard commercial insurance policies to cover such risks for
more than a decade. The survey results are the latest sign that
corporate America is growing more concerned about the potential
damages that can arise when companies lose control of customer
information--and growing more receptive to the role insurers can
play in protecting against that threat.
"Clients are more aware today than even a year ago that this
risk is really not just an IT [information-technology] exposure,"
said Tracie Grella, the head of professional liability for global
financial lines at AIG. "It really needs to be addressed through
risk management."
David Derigiotis, an assistant vice president at wholesale
insurance broker Burns & Wilcox, said the brokers with which he
works with have double-digit percentage sales increases in
cyber-risk coverage in the last 12 months.
"Cyber has been a really tough sell" until recently, he said.
"It's just over the last year we've started to turn the corner and
grow...People are realizing the value."
The increased interest from buyers has come as prices for the
coverage have fallen sharply and the policies have been refined
over the past few years, Mr. Derigiotis said.
Now, AIG and other insurers often provide a "breach coach" to
guide a company through a data breach and the dozens of different
state laws that need to be followed, offer a call center that can
respond to customers, and provide forensic specialists who can
determine how the information got out.
The U.S. Department of Energy, Twitter Inc. and several news
outlets, including The Wall Street Journal, have revealed attacks
by hackers in recent days. In addition, Iran was thought to be
behind a series of denial-of-service attacks against several U.S.
banks last month. But other risks are more mundane--and more
common--and can involve mistakes by employees who lose laptop
computers with confidential information or provide company records
to identity thieves.
News coverage of attacks can cause interest in cyber-risk
coverage to jump, said Ms. Grella. Retailers were early adopters of
the coverage because they were early targets of hackers, she said.
Large and midsized retailers now buy cyber-risk protection about
75% of the time, she said, far higher than roughly 20% overall
participation rate for commercial insurance buyers of similar
size.
A rise in concern by regulators and an increase in web-enabled
devices have also played a role in increased interest in insurance
protection in recent years, said Robert Parisi, network-security
and privacy-practice leader for Marsh & McLennan Cos.' (MMC)
Marsh Inc. insurance broker.
"Their day-to-day risk is highly infected with potential
technology pitfalls," said Mr. Parisi. "We've started to see a lot
of companies and a lot of different industries...recognize that
there is a significant risk."
The survey from AIG was conducted as part of the company's
promotional effort for its CyberEdge insurance package, which helps
cover costs associated with data breaches and other cyber risks.
AIG now offers software to help stop potential cyberattacks and an
application for Apple Inc.'s (AAPL) iPad tablet computer that
provides information about cyber risks as part of its suite of
services.
Write to Erik Holm at erik.holm@dowjones.com.
Subscribe to WSJ: http://online.wsj.com?mod=djnwires