2022 Advisen-Zurich Survey Illuminates Growing Cybersecurity Concerns

Survey points to gaps in understanding of what's driving higher costs and limiting access to cyber insurance coverage — and what businesses can do about it.

October 27, 2022

4 Min Read


SCHAUMBURG, Ill., Oct. 26, 2022 /PRNewswire/ — Good news for cybersecurity: More risk managers have purchased cyber insurance to help protect their businesses and customers from the potentially disastrous consequences of breaches and hacks. The bad news: Increasing premiums and restrictions for cyber coverage over the past year have created frustration for some business leaders.

This is the mixed picture emerging from the just-released 12th annual Information Security and Cyber Risk Management study from Zurich North America and Advisen Ltd., a Zywave Company. The 2022 study indicates that 86% of respondents now have cyber insurance, up three percentage points from 2021 and the highest percentage in the history of the survey. About 83% of respondents say they've taken steps to assess their cyber risk, and 69% have invested in cybersecurity solutions to mitigate risk.

Such findings suggest that CEOs, CIOs and risk managers increasingly grasp the threat that cyberattacks pose to their businesses, customers and the economy. But comments in the survey also reveal gaps in understanding of the drivers of insurance rates and restrictions and the role that risk mitigation actions play in the ability to access coverage at an affordable price.

"Our latest survey shows that many respondents recognize cyber threats and claims have increased in frequency and severity, but some business leaders struggle with the extent of the impact on insurance costs, policy terms and risk selection," said Michelle Chia, Head of Professional Liability and Cyber at Zurich North America. "What's clear is that cyber resilience is critical to business resilience. Carriers, distributors, risk managers, IT professionals, governments and employees everywhere need to work together to strengthen cyber resilience in this fast-evolving risk landscape."

Other highlights from the survey:

  • 54% of respondents who experienced a claim reported it to their cyber insurance carrier. More than 70% recouped costs from their cyber insurance carrier, while a portion of claims are still in process.

  • 52% have increased their organization's oversight of IT vendor management in response to geopolitical conflict concerns.

  • 52% of respondents agreed that their cyber insurance meets their expectations and provides value, and 61% said their coverage meets some but not all organizational needs.

  • Over 93% of respondents said they expect Data Breach and Cyber Extortion/Ransomware coverage to be included in cyber insurance policies, followed by Data Restoration (87%) and Business Interruption (75%).

  • 81% of respondents reported having cyber incident response plans in place, but less than 60% test these plans regularly.

  • 62% of respondents cited "Enhance Employee Training" as one of their top cybersecurity priorities over the next year.

"While there's more to be done, it's encouraging to see organizations taking steps to shore up their cyber resilience," Chia said. "Insights from this survey present the opportunity for insurance carriers and brokers to provide continuing education on the shifting cyber risk environment and mitigation techniques. Those responsible for managing cyber risk can refer to this survey's insights to help gain organizational support for additional investments to enhance cyber resilience and access to insurance coverage."

The survey was completed at least in part by 353 risk managers, insurance buyers and other risk professionals. The majority classified themselves as either a chief risk manager or the head of a risk management department (28 percent); a different member of a risk management department (25 percent); a chief information security officer or chief privacy officer (5 percent); or other executive, such as a CIO, CFO or CEO (20 percent).

The full Information Security and Cyber Risk Management survey report is here.

About Zurich North America

Zurich North America is one of the largest providers of insurance solutions and services to businesses and individuals. Our customers represent industries ranging from agriculture to technology. Zurich North America is part of Zurich Insurance Group, a leading multi-line insurer serving people and businesses in more than 210 countries and territories. Founded 150 years ago, Zurich is transforming insurance. In addition to providing insurance protection, Zurich is increasingly offering prevention services such as those that promote wellbeing and enhance climate resilience.

Reflecting its purpose to "create a brighter future together," Zurich aspires to be one of the most responsible and impactful businesses in the world. It is targeting net-zero emissions by 2050 and has the highest-possible ESG rating from MSCI. In 2020, Zurich launched the Zurich Forest project to support reforestation and biodiversity restoration in Brazil.

The Group has about 56,000 employees and is headquartered in Zurich, Switzerland. Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights