The Global State of Cyber Insurance
Risk never goes away. The fact is, how an organization manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance.
Explore highlights from our survey of 500 IT and corporate executives in North America, Europe, and South Africa and gain insights into how they are managing risk in order to qualify and purchase cyber insurance.
Source: Arctic Wolf 2022 Cyber Insurance Survey
Motivations for Obtaining Cyber Insurance
“Over the past two to three years, cyber claims have become more frequent than what was seen in the past. Much of this can be attributed to the growth in cyber vulnerabilities for small to mid-sized businesses…It is essential that companies understand the insurance coverage they have purchased and how it can help.”
Defending against ransomware is a risk management best practice and a business imperative.
(Motivations for obtainnig cyber insurance among respondants of the Arctic Wolf 2022 Cyber Insurance Survey)
"Highly touted security controls that are often considered obligatory by cyber insurers, such as data loss prevention and cyber security awareness training, received much lower citations as key motivators."- Arctic Wolf 2022 State of Cyber Insurance
Some enterprises have been required to obtain multiple policies to cover their risk transference goals. Getting your company’s cybersecurity defenses in place and submitting your applications early could help you obtain a policy that meets your coverage expectations.
52% of Survey Respondents:
Expected their cyber insurance coverage to take care of 61%-80% of the costs associated with a data breach.
Expected Cost Coverage
48% of Survey Respondents:
Expected their cyber insurance coverage to take care of 81%-100% of the costs associated with a data breach.
Expected Cost Coverage
Virtual Private Networks (VPN)
Cloud Monitoring Software
Multi-factor Authentication (MFA)
The U.S. and U.K. tend to emphasize VPNs, anti-virus software, and cloud monitoring. Canada and the rest of Europe and South Africa go beyond just those three controls, however, by including firewalls, multi-factor authentication, and vulnerability scanning and management — providing a much broader set of controls to address potential vulnerabilities.
Controls that Impact Risk
While this might seem counter-intuitive, it shows that insurers are more interested in results to lower risk than to simply meet required controls.