Cyber Insurance: Is Your Business Prepared For The Second Wave?

Share :

The cyber insurance market has matured rapidly over the past two years in the face of ever-evolving risk.

Factors such as increased ransomware activity, ballooned claims frequency and loss severity, coupled with soaring market demand have brought us to what is referred to as the “second wave” of cyber insurance — a revolution in the way businesses are evaluated, underwritten and protected.

“It’s the challenge of getting organizations to understand that, while they may not be the target of a targeted, big attack, certainly there are targets of opportunity. And that can be anybody. Smaller organizations may have lower security awareness and posture, but also the adversary knows they’re low hanging fruit.” – Kirsten Bay, CEO and Co-founder, Cysurance.

The once “soft” cyber insurance market now has shifted its focus toward better understanding cyber attack exposure and improved risk selection. Nearly every stakeholder in the cyber insurance market – reinsurance, underwriters or brokers – is narrowing in on key initiatives they need to perform to achieve their desired business outcomes within the current threat landscape.

Where does this leave potential policyholders? This data-backed market shift requires more sophistication of cyber exposure evaluation, scanning, risk management strategy and powerful partnerships that keep customers protected throughout their entire policy period.

The Growing Danger of External Exposure

In the first half of 2022, 81% of network intrusion incidents stemmed from external exposure. This is when an attacker exploited a system exposed to the public internet and gained access to the victim’s network or data. This is the easiest method by which threat actors find their victims, deploy ready-made exploits and carry out countless attacks via automated tools. For this reason, external exposure is easily the most impactful factor to control when protecting networks and qualifying for insurance.

But some types of external exposures are more prevalent than others.

In the first half of 2022, 56% of all external exposures were caused by external exploits, in which a threat actor used a known vulnerability to gain access to the network before the internal organization could patch their system. These external exploits cost victim organizations 54% more than compromises caused by user action, which should lead security and IT leaders to prioritize patching and proactively addressing vulnerabilities in 2023. There’s good reason for this — nearly 1 in 4 organizations were targeted with a Log4Shell exploitation attempt since January 2022, one of the highest-profile exploits in recent memory.

Cyber insurance guide.

Managing External Exposure

Managing external exposure requires several practices, including an up-to-date understanding of the threat landscape, installing security patches, enforcing multi-factor authentication on remote access tools, and proper configuration being among them.

To effectively address the exposure, many organizations, including the carriers reviewing their insurance application, have turned to external scanning technologies to find their potential network entries before threat actors do. Since we know attackers are scanning the public internet for their opportunities, policyholders and carriers are now using the same methods to protect precisely what’s targeted by threat actors.

Underwriters in particular are more in alignment with this threat landscape than ever before. Insurance applications now require specific technical controls, their proof of performance and more sophisticated, sustainable practices than in previous policies.

In this second wave of cyber insurance, many organizations may find themselves with immediate disqualifiers, or cyber security practices that are no longer insurable in the face of the latest threats. This dynamic between highly refined policy language and less experienced cyber policyholders leaves the market at large with a wide protection gap.

To close this protection gap, organizations can work closely with their insurance broker and security partners to evaluate, implement, and effectively communicate the organization’s security posture to underwriters.

With strong partnerships connecting brokers, clients and their security services, the proper security controls – including immediate disqualifiers and more sophisticated solutions – not only can be implemented, but organizations can realize enhanced insurance terms, including broader coverage, reduced deductibles (retention), higher limits or lower premiums.

With the right partners in place, the second wave of cyber can bring about a revolution in how organizations can learn about their external exposure, close their security gaps and rely on trusted security experts to keep their protections in place. As the insurance market continues to demand more sophisticated security from organizations, cyber exposure evaluation, scanning, threat intel-led risk management strategies, and powerful partnerships will bring us all closer to ending cyber risk.

When data breaches or cyber incidents occur, respond faster, and emerge stronger with Arctic Wolf Incident Response

This blog was originally posted at

Kevin Kiser

Kevin Kiser

Kevin Kiser is Senior Director of Strategy for Insurance Solutions at Arctic Wolf. As a former insurance broker (still licensed!), Kevin works intimately with partners, clients and fellow Wolves to support new product, program and distribution development that aligns cyber security and insurance programs to streamline adoption and maximizes client benefits in pursuit of ending cyber risk.
Share :
Table of Contents
Subscribe to our Monthly Newsletter