A Panaseer survey of global insurers in the UK and US found that 82% expect premium increases to continue, with 74% of insurers agreeing that their inability to accurately understand the posture of customer security has an impact on price increases.
Insurers also see the rising cost of ransomware as a major factor (78%) affecting premium increases, with the largest ransom payments by insurers over the past two years averaging 3, £26m in the UK and $3.52m in the US.
The cyber landscape is constantly changing. Ransomware is now considered the biggest cyber threat to the UK, while the US was the most targeted region in 2021, accounting for 53% of all ransomware attacks globally. To help combat the ransomware crisis, researchers found that 87% of insurers want a consistent approach to cyber risk analysis, and 89% want direct access to customer security metrics and metrics proving cyber risk. status of security checks.
“Metrics and measurements will definitely have a bigger role in insurance. A new market is developing where insurers will offer a price discount if you provide a quarterly report through a specific security platform because they know that it’s a good product that helps improve cyber hygiene It’s likely we’ll see the old way of doing cyber insurance come under pressure as there are smaller, more nimble organizations that can do more and to offer support,” said Andreas Wuchner, cybersecurity and risk expert and advisor to Panaseer.
As premiums have risen and policies have tightened over the past five years, research has found manufacturing, financial services and healthcare now claim the most insurance claims cyber. The research also found that 40% of UK and US insurers believe cloud security is the most important factor when assessing a potential customer’s security posture.
It is closely followed by security awareness (36%), as well as application security (32%), vulnerability management (31%), privileged access management (31%) and patch management (30%), noting that insurers expect to see evidence of a layered approach to cybersecurity.
“Unfortunately, there are no optional security measures,” says Nik Whitfield, president of Panaseer. “Insurers expect organizations to have good cyber hygiene across a wide range of security areas, in both on-premises and cloud environments, with supporting evidence. This is why seamless data and security automation is so important, because it is difficult for an organization to be perfect in all of these technical disciplines.
Additional key findings from the research include:
- Growing sophistication of cyber threat actors is another major cause (73%) of rising cyber insurance premiums, alongside the increased threat of cyber attacks targeting software supply chains (79%) , the cost of ransomware, and the inability to accurately understand a customer’s security posture.
- Even if the current rate of cyber attacks remains the same, 84% of respondents say their organization will continue to offer cyber insurance over the next three years.
- While 47% of total respondents say they are “very confident” in their underwriting process, 44% are only “somewhat confident”. In addition, 9% said they were ‘not so confident’ or ‘not at all confident’, with this figure rising to 15% among UK respondents.