Panaseer, an enterprise security company, has released its latest report on the state of the cyber insurance industry. The survey of global insurers across the UK and US found that 82 per cent are expecting the rise in premiums to continue, with 74 per cent of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases.
Insurers also see the increasing cost of ransomware as a leading factor (78 per cent) affecting premium rises, with largest ransom pay-outs by insurers in the last two years averaging £3.26million in the UK and $3.52million in the US.
The cyber landscape is continuously evolving. Ransomware is now considered the greatest cyber threat to the UK, while the US was the most targeted region in 2021, accounting for 53 per cent of all ransomware attacks globally. To help combat the ransomware crisis, Panaseer found that 87 per cent of insurers want a consistent approach to analysing cyber risk, and 89 per cent want direct access to customer security metrics and measures proving the status of security controls.
As explained by Andreas Wuchner, a cybersecurity and risk expert and advisor to Panaseer, “Metrics and measures will absolutely have a bigger role in insurance. There is a new market developing where insurers will offer a reduction on pricing if you provide a quarterly report through a specific security platform, because they know it’s a good product that helps to improve cyber hygiene. It is likely we will see the old way of doing cyber insurance coming under pressure, as there are smaller, more agile organisations capable of doing more and offering support.”
As premiums have risen and policies have tightened over the last five years, Panaseer’s research found that it is now the manufacturing, financial services and healthcare industries that are making the most cyber insurance claims. The research also found that 40 per cent of insurers across the UK and US believe that cloud security is the most important factor when assessing a potential customer’s security posture. Yet, this is closely followed by security awareness (36 per cent), along with application security (32 per cent), vulnerability management (31 per cent), privileged access management (31 per cent) and patch management (30 per cent), highlighting that insurers expect to see evidence of a layered, multi-faceted approach to cybersecurity.
“Unfortunately there are no optional security measures,” says Nik Whitfield, founder and chairman of Panaseer. “Insurers expect organisations to have good cyber hygiene across a broad spectrum of security areas, both on-premise and cloud environments, with the evidence to prove it. That’s why transparent data and security automation is so important, because it’s hard for any organisation to be perfect at all these technical disciplines.”
Additional key findings from the research include:
- The increasing sophistication of cyber threat actors is another leading cause (73 per cent) of rising premiums for cyber insurance, alongside the increased threat from cyber-attacks targeting software supply chains (79 per cent), the cost of ransomware and the inability to accurately understand a customer’s security posture.
- Even if the current rate of cyber-attacks remains the same, the vast majority (84 per cent) of respondents claim their organisations would continue to offer cyber insurance over the next three years
- While 47 per cent of total respondents said they are ‘very confident’ in their underwriting process, 44 per cent are only ‘somewhat confident’. Furthermore, nine per cent said they were ‘not that confident’ or ‘not at all confident’, rising to 15 per cent among UK respondents.