While the vast majority of corporations surveyed have purchased cyber insurance, and almost half have filed a claim as the result of a breach, there are still gaps in their incident-response plans, a new study commissioned by Wells Fargo Insurance’s Technology, Privacy and Network Risk Practice found.

Wells Fargo examined 100 U.S. companies with $100 million or more in annual revenue from a variety of industries ranging from manufacturing to educational services. The survey asked the companies about their current levels of readiness to respond to a cybersecurity or data privacy incident, perceptions of their own security and network vulnerabilities, and the challenges they faced when purchasing the coverage.

For more information, see Wells Fargo’s white paper, “2015 Cyber Security and Data Privacy Survey: How Prepared Are You?”

Eighty-five percent of respondents said they have purchased cyber coverage. Of those, 74 percent bought the coverage to protect their business against financial loss, followed by a need to protect shareholders (64 percent) and to help prepare for data privacy events (61 percent).

Forty-four percent of the companies that indicated they purchased cyber coverage said they have already filed a cyber-related insurance claim; 96 percent of those reported they were satisfied with their coverage, how the claim was handled, and that the policy covered their expenses and damages.

Companies that purchased cyber coverage said their biggest challenge was finding a policy to adequately fit their company’s needs (47 percent) or the cost (42 percent), which Wells Fargo believes highlights the need for an experienced broker. Thirty-six percent of respondents said their company did not believe the risk was big enough to have cyber insurance.

Most of the companies surveyed have an incident response plan, but 1 in 5 admitted that they have not tested their plan. One in 10 companies that had to implement their plan did so without testing it beforehand, with 74 percent saying they needed to revise their plan following the incident.

“While companies recognize the need for cybersecurity and data privacy insurance, purchasing coverage is not a complete solution,” said Dena Cusick, national practice leader with Wells Fargo Insurance’s Technology, Privacy and Network Risk National Practice. “It’s also important to recognize that other factors—including testing incident response plans, employee awareness training and following established privacy policies—are all critical components of an overall risk management program.”

Wells Fargo also provided a list of key steps to help protect your organization:

  • Develop and test an incident response plan.
  • Develop a privacy policy and ensure that it’s followed.
  • Require all employees to take training on their responsibility for protecting data.

Source: Wells Fargo Insurance