Aon’s 2014 Captive Benchmarking Study has confirmed that only 1 percent of captive owners are funding cyber risk through their captives.
The reluctance for many organisations appears to derive from the challenge of gaining an estimation of the cyber risk exposure and quantification of consequences of cyber events.
This surprising result has prompted Aon to further investigate the possible reasons why, especially since prior research suggested much higher interest levels.
In Aon’s 2014 Underrated Threats Report, 83 percent of the captive directors surveyed felt that the ranking of 18 in Aon’s Global Risk Management Survey 2013 for cyber risks was severely underrated, a finding that was consistent along regional and revenue categories.
In the same 2013 survey, 7 percent of the captive owners surveyed indicated interest in underwriting cyber risks such as computer crimes, hacking, viruses and malicious codes, in a captive over the subsequent five years.
Most cited the lack of appropriate cover in the commercial market place as the reason.
When Aon analysed those captives that are writing cyber risk, the majority were from the US healthcare industry. This relates to the Patient Protection and Affordable Care Act that places an obligation on the medical company or hospital to have electronic medical records, which are inherently open to cyber-attack.
According to Aon, other industries writing cyber risk are professional services groups, financial institutions and retailers, all of whom have an increasing reliance on online tools.
