An Arctic Wolf Report
The Cyber Insurance Outlook:How coverage is evolving with the current cyber threat landscape.
Get Insurance Insights Directly from Cybersecurity Leaders
Arctic Wolf 2023 Cyber Insurance Outlook Report
Explore highlights from our survey of over 500 IT and security leaders in North America, and gain insights into the obstacles they’re encountering in obtaining or renewing their policies, the new requirements they’re facing, and the steps they’re taking to tackle renewals.
How Many Companies Have Cyber Insurance Coverage?
Our results reveal that, as the frequency and severity of attacks increase, so does the demand for cyber insurance. Organizations recognize that cyber risk has become business risk, which helps explain why cyber insurance is growing at a faster rate than property or casualty insurance, with experts at Cysurance anticipating it will soon eclipse those categories of policies entirely.
THIS MEANS:
While adoption is increasing rapidly, we’re still in the early days of cyber insurance adoption. More companies are expected to follow suit as they recognize the jeopardy they put themselves in by not being insured.
53% of all insured organizations have had cyber insurance for at least one year
47% have had cyber insurance for less than 12 months
34% have had a policy for a substantial amount of time (2 years or longer)
(How many companies have cyber insurance coverage according to respondents of the Arctic Wolf 2023 Cyber Cyber Insurance Outlook Report)
"With the average cost of a data breach in 2023 totaling $4.45 million, more businesses now recognize they put themselves in serious jeopardy by skipping out on insurance. Foregoing insurance might once have been a tenable stance, but the severity of today’s cyber threat landscape has made such a position much less palatable in the last two years."
- Arctic Wolf 2023 Cyber Insurance Outlook Report
The State of Premiums
In the early days of cyber insurance — as little as five years ago — organizations seeking a policy found affordable options that were simple to obtain. But those days are gone. According to experts at Cysurance, increased threat actor activity, coupled with the rise of remote work and the adoption of cloud technologies, has driven an increase in premiums as high as 3,000% for some customers.
THIS MEANS:
The past few years have seen insurance companies rightsizing their terms and raising the level of protection expected for organizations to obtain a policy. Cyber insurers have become much more selective about their coverage plans, having witnessed huge loss ratios in the last few years from cyber attacks that affected both clients and third-party customers.
77% of Policy Holders:
saw some level of increase in their premiums from year to year
Saw Increase in Premiums
37% of Those Policy Holders:
saw at least a 10% increase in their premium
Saw 10% Increase
64% of Respondents:
say they upgraded their insurance coverage in the last 12 months
Upgraded Insurance
“When we are properly investing in security controls, we’re able to bring down the cost because we’re able to demonstrate to carriers what’s effective and what works, reducing the severity and impact of those risk — meaning more fender-benders and fewer totals."
- - - - - - Kirsten Bay CEO of Cysurance What Products Are Organizations Missing to Meet Cyber Insurance Requirements?
Insurance carriers are working hard to ensure that customers are exercising the right tools and security controls to manage risk effectively. If they fail to comply, customers may lose coverage or see their premiums increased. Nearly every organization we surveyed needed to add at least one additional product to their security stack to secure their policy.
The survey found that 98% of organizations had to purchase an additional product or products to meet cyber insurance requirements
Cloud security monitoring
Multi-factor authentication
Security awareness training and phishing testing
Endpoint Detection and Response
THIS MEANS:
Insurers expect customers to make more than just cosmetic, incremental adjustments to their security. If they’re going to cover some or most of the costs from a data breach, then they need to know their customers aren’t inviting undue risk by neglecting common sense cybersecurity practices.
Plan Ahead When Seeking a Cyber Insurance Policy
39% of organizations stated it took between 30-90 days (about 3 months) of preparation to obtain a policy
The changes to the cyber insurance market have created multiple obstacles for new policy seekers, which can obstruct the evaluation and application journey.
THIS MEANS:
Leaders need to start internal work early, identifying gaps in policy requirements, assigning individuals across the organization to focus on the process, outlining goals and minimum coverage requirements, setting proper expectations and, when needed, working with a broker who has expertise in the area.
Solutions Impacting Cyber Insurance Premiums for Current Policy Holders
It’s not just new policy seekers who are expected to add solutions to their tech stack in order to qualify for the best rates.
48% of organizations with current policies say their insurer added new requirements to maintain coverage
As with new policy seekers, the requirements demanded by insurance carriers fall into common cybersecurity categories:
(Percent Required to Add Service)
Cloud Security Monitoring
Privileged Access Management
Network Protections
IR Service Retainer
Some organizations might be tempted to avoid the challenges of obtaining and maintaining cyber insurance altogether, instead opting for IR retainers.
However, they are not a stand-in for cyber insurance.
IR retainers help with the cost of incident response, remediation, and restoration – which can help with cost reduction – while cyber insurance gives organizations assurance that some costs associated with the incident (like downtime or ransom) will be recovered. However, both incident response and cyber insurance work together, and organizations should consider both for full protection.
THIS MEANS:
The more an organization can work closely across functions to support cyber risk management and these best practices, it will make organizations more secure and the procurement process more efficient. Customers must demonstrate they’re taking security seriously in order to qualify for coverage or see their annual premiums lowered.
Just Released
The Cyber Insurance Outlook:
How Coverage Is Evolving With the Current Cyber Threat Landscape
Risk never goes away. The fact is, how a company manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance. It’s a difficult, ongoing challenge every corporate board, C-suite and IT department faces. That’s why we surveyed over 500 global IT and corporate executives to gain insights into how they are managing risk to qualify for and obtain cyber insurance.
On-Demand Webinar
Cyber Insurance Renewal Readiness
Air Date: Tuesday, December 5, 2023
Obtaining and maintaining cyber insurance used to be straightforward. But no longer. In today’s complex and changing market, how an organization manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance.
Additional Resources For
Security Leaders
Survey says… cybersecurity continues to evolve at a rapid pace.
In a time of new sophisticated technologies, emerging threats, and a growing attack landscape, it’s never been more important to ensure your organization’s security.
Arctic Wolf is a market leader in security operations. We can help close the gaps in your cybersecurity defences, manage your risks, and provide customized compliance reporting. Ready to learn more?
