NEW YORK, May 2 (UPI) -- Major companies are shunning multimillion-dollar insurance policies against threats from cybercrime and other attacks on their computer networks and relying instead on developing in-house capabilites to beat the problem, a report said.
Professional service provider Towers Watson said the companies' decision to opt for internal preventive measures against cyberthreats could be down to "a false sense of security and an overreliance on their own IT organization."
Both software developers and insurance companies have been pushing corporate sector customers to buy more into new technologies and new insurance arrangements to guard against loss from cybercrime.
However, more companies have responded by cutting back on insurance and building their own capability to deal with threats to networks, arguing they need to remain up to date with the means of dealing with threats.
Related
Software developers are frequently criticized for not being fast enough in response to new threats in the cyberspace.
A Towers Watson Survey found that despite increasing cyberthreats most companies aren't buying network liability policies as widely expected by the insurance industry and its associates.
The vast majority of companies -- 73 percent -- haven't purchased network liability policies, the survey indicated.
Of those not having such policies in place, 37 percent said their internal information technology departments and controls are adequate, while 15 percent either said the cost of a risk transfer solution is prohibitive or that they aren't overly concerned about the risk.
"We're seeing a lot of companies in the market right now that have a false sense of security and an overreliance on their own IT organization," said Larry Racioppo of the executive liability group in Towers Watson's brokerage business.
"Risk managers need to take a broader look at how they can manage the risks associated with cyberattacks from a corporate, financial and reputational standpoint," he said.
The United States observed October 2009 as the nation's first cyber awareness month. The administration-led campaign was widely credited with raising corporate and individual awareness of cyberthreats and how to deal with them.
Towers Watson said companies need to remain current with developing cybercrime patterns.
"Technology changes at such a rapid pace, there are new risks -- potentially more damaging risks -- that will undoubtedly occur, and companies have to continue to find better ways to manage and mitigate those risks and make sure that they do all they can should they become exposed to a particular threat," Racioppo said.
The survey queried 164 risk and finance managers for the survey. Despite the uncertain financial climate, 54 percent said they established enterprise risk management capabilities but the figure was down 1 percentage point from a survey conducted last year.
An overwhelming majority -- 83 percent -- said they identified and prioritized key risks and assigned risk owners, up from 73 percent a year ago.
"Not a significant amount has changed with regard to implementation, although a growing number of risk managers are identifying and quantifying key risks that could dramatically impact their organizations," said Barry Franklin, a director in Towers Watson's corporate risk management practice.
Despite events such as the BP Deepwater Horizon disaster and earthquakes in Chile, New Zealand and Japan, fewer than half of the respondents said the impact of those high-profile disasters had an effect on their risk modeling and business continuity programs.
