The captive cyber survey, new to 2016, found the cost of business interruption due to a breach to be the top cyber risk concern for businesses across all industries.
The survey revealed that 94 percent of respondents would share risk with others in their industry as part of a captive facility writing cyber.
Aon expects alternative risk transfer options to become increasingly sought after as these solutions give companies some control over underwriting, coverage scope and claims adjustment.
The survey also found that 61 percent of survey respondents buy cyber limits in the $10 to 25 million range, but overall 60 percent of large companies still do not buy cyber insurance.
Of the 40 percent that do, 68 percent buy cyber for balance sheet protection, closely followed by ensuring due diligence comfort for the board.
According to the survey results, only 25 percent of respondents that buy limits are confident that they comply with international best practices and standards for information security governance.
It also noted that 95 percent of companies state clear policy wording as the most important issue in the cyber risk market, and 75 percent of large companies express concerns about the loss adjustment process.
Peter Mullen, CEO of the Aon Risk Solutions captive and insurance management practice, commented: “Our findings indicate that there is a disparity between companies recognising that cyber is one of the fastest growing and permeating risks, and actually understanding what their individual exposures and coverage needs are.”
“Captives are a great alternative risk transfer solution for bridging this gap while the industry’s approach to cyber risk management catches up to the evolving pace of technology.”
Kevin Kalinich, global practice leader for cyber and network risk at Aon Risk Solutions, added: “Given the evolving nature and complexity of cyber exposures, we found that the use of cyber risk assessments is surprisingly low.”
"Conducting such an assessment is a useful tool for improving risk understanding and maturity as well as helping organisations better prepare for potential business interruption during or after a breach.”