From our homes and holidays to our very existence, you can take out insurance for just about anything. Businesses face a similar range of options. Be it commercial property, workers’ compensation, or product liability, insurers are only too keen to sign up companies to a wide range of policies.
Cyber insurance is one of the fastest-growing corners of the insurance market, driven by ransomware, cyberattacks, and data breaches becoming daily occurrences. According to a new report by Gallagher, the cyber insurance market will more than double from $14 billion in 2023 to $29 billion by 2027. Research by Chubb has found that 89% of executives plan to expand their cyber insurance coverage to address the increasing threat of technological vulnerabilities.
However, as businesses respond to a growing threat landscape, insurers are also reacting.
The cyber insurance market is tightening
According to Delinea, nearly 70% of organisations renewing their cyber insurance have experienced premium increases ranging from 50% to over 100% in recent years. This price hike is a reflection of the risks posed by cybercriminals.
There are several factors driving this increase:
- Increased claim frequency and severity: Cyberattacks, particularly ransomware, have led to significant payouts, prompting insurers to re-evaluate risk models.
- Regulatory pressure: Compliance with regulations such as GDPR, NIS2, and the SEC’s cyber security disclosure rules is becoming a factor in risk assessments and policy pricing.
- Geopolitical uncertainty: The conflicts in Ukraine and Gaza are driving an increase in cyber incidents targeting connected organisations.
Policy compromises
To avoid having to raise premiums any further, insurers are taking two steps. The first is to reduce coverage for certain types of cyber incidents. For example, in 2023, Lloyd’s of London issued a bulletin requiring underwriters to exclude certain types of state-backed attacks from their cyber policies due to how widespread these attacks have become.
The second step is to lengthen the checklist of cyber defences that businesses must have in place before they are eligible to make a claim. Only organisations that can demonstrate comprehensive protection against cyberattacks and related issues will be in line for a payout.
Here are some of the criteria insurers are looking for:
Multi-factor authentication (MFA)
Implementing MFA adds an extra layer of security beyond just usernames and passwords, reducing the risk of credential theft and unauthorised access. For remote workers and accounts with elevated privileges, MFA ensures that even if login credentials are compromised, attackers cannot easily gain access to critical systems.
System segmentation
Network segmentation divides IT environments into isolated segments, preventing attackers from freely moving across systems in the event of a breach. By restricting access between different parts of the network, organisations can contain threats and safeguard sensitive data.
Endpoint protection solutions
Modern endpoint security solutions go beyond traditional antivirus software, incorporating behavioural analysis, machine learning, and real-time threat detection to identify and stop malware, ransomware, and other cyber threats. Endpoint protection should be deployed on all devices, including workstations, servers, and mobile devices.
Monitoring and response capabilities
Continuous monitoring of network traffic, logs, and user activities allows organisations to detect suspicious behaviour and respond swiftly to potential threats. Security Information and Event Management (SIEM) systems, along with extended detection and response (XDR) solutions, provide real-time alerts and forensic insights.
Immutable backups
Immutable backups ensure that backup copies of critical data cannot be modified, encrypted, or deleted by ransomware attacks. Storing backups offline or within a logically isolated cloud environment protects them from being compromised.
Integrating cyber resilience with cyber insurance
Cyber resilience refers to an organisation’s ability to prepare for, respond to, and recover from cyber incidents while maintaining business continuity. Here’s how cyber resilience enhances cyber insurance viability:
- Improved insurability: Businesses that demonstrate robust cyber security and resilience practices are more likely to obtain insurance and negotiate better terms.
- Lower premiums: Insurers may offer reduced premiums to organisations that implement advanced security controls and resilience frameworks.
- Minimised coverage gaps: With cyber resilience, businesses reduce the risk of exclusions and limitations in their policies by proactively addressing key insurer concerns.
- Faster recovery and reduced losses: Effective incident response and disaster recovery mechanisms help organisations limit financial damages, making them lower-risk policyholders.
- Compliance alignment: Meeting regulatory requirements enhances both security posture and insurability, reducing the likelihood of fines and legal complications.
Reduce cyber insurance premiums with Redstor
Redstor empowers businesses to enhance their cyber resilience with advanced data protection and backup solutions. By offering immutable backups and real-time malware detection, we help organisations recover swiftly from cyber incidents to reduce downtime and financial losses.
The tightening cyber insurance market underscores the need for businesses to adopt a dual approach: cyber insurance as financial protection and cyber resilience as an operational necessity. By strengthening your cyber resilience with Redstor, you can reduce financial and operational impacts while ensuring long-term security against cyber threats.
In an era where cyber risks are inevitable, the ability to withstand and recover from attacks is just as crucial as having an insurance policy in place. Get in touch today to learn more.