Microsoft has claimed recently that over the past few years, cyber attacks have become the top risk for businesses today.  A survey by Microsoft and the insurance consultancy Marsh found that most executives consider cyber attacks to be their top business concern.

Cyber attacks the top risk for businesses today: outranking brand damage and economic uncertainty

The survey found that when it comes to bigger risk, cyber attacks now outrank brand damage, regulation and economic uncertainty.  Perhaps as a result, cyber insurance policies are much more common than they were two years ago.

Microsoft and Marsh found in 2017 that 62% of the respondents saw cyber attacks as one of the top five risks. By 2019, that number had jumped to 79%. Those who saw cyber attacks as the top risk rose from 6% to 22% since 2017.

Other surveys and reports have alighted on similar findings.  The World Economic Forum (WEF) 2019 Global Risks Report ranked cyber attacks and data theft as top five risks in terms of likelihood.  Insurance giant AIG disclosed that business email compromise (BEC) related insurance claims were the top cyber-insurance claims in 2018, accounting for approximately 23% of all of its claims in the EMEA (Europe, the Middle East and Africa) region.

47% of organizations have cyber insurance

The Microsoft/March report found that over 47% of organizations had cyber insurance in 2018, compared to 34% in 2017. Over 57% of firms with annual revenues of over $1bn had cyber insurance, while 36% of those with under $100m in revenues had cyber insurance. Almost all respondents who were part of the survey – 89% – said that they are confident that their cyber insurance policy would cover the cost of any cyber-attack.

However, this is not always the case. For example, the food conglomerate Mondelez was hit by by the ransomware NotPetya in 2017.  Its insurer refused to pay the $100m claim because NotPetya was considered a warlike action.