A 2013 Aon study indicated that 7% of organizations would be interested in using their captive insurer to cover cyberrisks. Yet a new survey by the company found that only 1% are actually using their captive for the coverage.
According to data from more than 1,000 captive owners in "Cyber Risk and the Captive Market-A Match Made in the Cloud?" the number of companies writing cyber in their captive has remained at 1% since 2012. "For such a large and looming potential source of liability, this is a remarkably low -number," the report said.
The majority of that 1% are formed by the U.S. health care industry as a result of the Patient Protection and Affordable Care Act, which places an obligation on medical companies and hospitals to have electronic medical records, which are vulnerable to cyberattack. Other industries using captives for cyberinsurance coverage are professional services groups, financial institutions and retailers, "which we believe will become more prominent as the reliance on online tools for such industries continues to grow," Aon said.