Assessment of Business Cyber Risk Shows Improvement in National Risk Score and Spotlights Cybersecurity Insurance as One Tool to Manage Cyber Risk

Tuesday, July 28, 2020 - 9:00am

WASHINGTON, D.C. — The Assessment of Business Cyber Risk (ABC) report released today by the U.S. Chamber of Commerce and FICO recorded a National Risk Score of 694 for the first half of 2020, an improvement over the previously-reported 688 in 2019. In the current COVID-19 pandemic, American businesses are seeing an increase in phishing and other malware attacks, so it’s more important than ever for companies to understand their cyber risk and take steps to mitigate it.

“For the last few months the COVID-19 pandemic has changed the way Americans have conducted business and how we source essential goods and services for the functioning of the digital economy,” said Christopher D. Roberti, senior vice president for cyber, intelligence, and supply chain security policy at the U.S. Chamber. “Our nation is continuously exposed to considerable cyber risk, and this worldwide pandemic has exacerbated the issue, underscoring the importance of cyber risk management. While cyber insurance is relatively nascent, it is maturing, and more businesses are using it as a tool to help manage cyber risk.” 

Creating opportunities for improved awareness and richer dialogues is an important objective for the U.S. Chamber of Commerce and FICO, and the ABC promotes this dialogue by providing a national risk score that enables U.S. businesses to understand their cyber risk. 

This is the first assessment of 2020 and in addition to the National Risk Score, the report highlights an increasingly important risk management tool for businesses – cyber insurance.  
 
While security experts and consultants work to prevent cyberattacks before they happen, insurance providers are stepping up their offerings to provide coverage once breaches occur. Malicious cyber activity costs the U.S. economy between $57 and $109 billion in 2016, according to the United States Council of Economic Advisers. With the average cost of a data breach costing companies almost $4 million, cybersecurity insurance is becoming a tool for businesses to manage residual cyber risk that they cannot manage with their own security controls, processes, and technology.   
 
“The pandemic has caused massive disruption across businesses, resulting in new vulnerabilities that cyber criminals are looking to take advantage of,” said Doug Clare, Vice President of Fraud, Financial Crimes and Security Products at FICO. “Companies are now needing to transform their short-term strategies into long-term cyber resilience. This starts by organizations better understanding and identifying the new cyber risk across their lines of business; including risks that come with new vendors that may have been added in a hurry to fill COVID-related gaps in their supply chains.”
 
To help businesses navigate the cyber liability insurance marketplace, the ABC report focuses on the role of cyber liability insurance in enhancing the cyber ecosystem. The report offers a perspective on what to look for in a policy, including price and coverage and offers five recommendations that organizations may consider using when evaluating insurance products and services: 

  • Understand and manage the risk factors of technology within your organization 
  • Enlist all relevant departments and members within an organization to assess the gaps in cyber coverage 
  • Consider various policy options and cross-analyze them to reveal coverage gaps 
  • Determine how much risk to assume and how much to transfer to the insurer 
  • Ensure appropriate executives are aware of the option for cybersecurity insurance 

More details about these five recommendations as well as insight from industry experts can be found in the report