The Global State of Cyber Insurance
Risk never goes away. The fact is, how an organization manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance.
Explore highlights from our survey of 500 IT and corporate executives in North America, Europe, and South Africa and gain insights into how they are managing risk in order to qualify and purchase cyber insurance.
Source: Arctic Wolf 2022 Cyber Insurance Survey
Motivations for Obtaining Cyber Insurance
“Over the past two to three years, cyber claims have become more frequent than what was seen in the past. Much of this can be attributed to the growth in cyber vulnerabilities for small to mid-sized businesses…It is essential that companies understand the insurance coverage they have purchased and how it can help.”
Linda Comerford
AVP of Cyber Services and Incident Response at AmTrust
The rise in ransomware incidents and payments are driving the desire for cyber insurance. In many cases, organizations are contractually required by their business partners to maintain certain levels to spread out the risk.
THIS MEANS:
Defending against ransomware is a risk management best practice and a business imperative.
Risk management best-practice
Requirement of other insurance policy
Mandate from board of directors
(Motivations for obtainnig cyber insurance among respondants of the Arctic Wolf 2022 Cyber Insurance Survey)
"Highly touted security controls that are often considered obligatory by cyber insurers, such as data loss prevention and cyber security awareness training, received much lower citations as key motivators."
- Arctic Wolf 2022 State of Cyber Insurance
Expectations of
Coverage
As with any insurance offering, cyber insurance products vary greatly, and often contain exclusions, including more costly and challenging issues such as ransomware. Typical exclusions include wrongful acts that occur prior to coverage; loss of portable devices; security maintenance failures; third-party breaches; bodily injury and property damage resulting from a cyber incident; and war, invasion, and terrorism.
THIS MEANS:
Some enterprises have been required to obtain multiple policies to cover their risk transference goals. Getting your company’s cybersecurity defenses in place and submitting your applications early could help you obtain a policy that meets your coverage expectations.
52% of Survey Respondents:
Expected their cyber insurance coverage to take care of 61%-80% of the costs associated with a data breach.
Expected Cost Coverage
48% of Survey Respondents:
Expected their cyber insurance coverage to take care of 81%-100% of the costs associated with a data breach.
Expected Cost Coverage
"Cover Everything"
By Country
The number of respondents who fall into the “cover everything” category varies by country.
United States and Germany
Canada
South Africa
United Kingdom
Netherlands
Sweden
However, if you exclude ransomware, the “cover everything” numbers change drastically.
Canada
Sweden and South Africa
United Kingdom
United States
Netherlands
Sweden
2 out of every 3 organizations have had their cyber insurance policy for one year or less.
Crucial Controls
Respondents confirmed what insurance carriers and brokers have been asserting: implementing mission-critical cybersecurity controls can lead to lower rates. But there’s a disconnect between carriers’ most commonly required controls and the security controls that have the biggest impact on your organization’s risk — and your cyber insurance rate.
Required by Carriers
Insurance carriers and brokers often require, or at least strongly suggest, security controls that policyholders are expected to have in place in order to maintain their policies. Globally, the top five most common security controls requested by carriers are:
GLOBAL Breakdown
The U.S. and U.K. tend to emphasize VPNs, anti-virus software, and cloud monitoring. Canada and the rest of Europe and South Africa go beyond just those three controls, however, by including firewalls, multi-factor authentication, and vulnerability scanning and management — providing a much broader set of controls to address potential vulnerabilities.
Controls that Impact Risk
However, just because these controls are commonly required, it doesn’t mean they have the biggest impact on your risk or policy rate. When asked which cybersecurity controls had the greatest effect on obtaining or renewing a cyber security insurance policy, respondents cited:
Email filtering
Multi-factor authentication
Cloud monitoring
While not on the required list by insurers to maintain coverage, email filtering is a top security control for reducing risk and thus becoming a better insurance candidate.
THIS MEANS:
While this might seem counter-intuitive, it shows that insurers are more interested in results to lower risk than to simply meet required controls.
Over the past 2-3 years, there’s been a dramatic shift in what security controls are needed to secure a policy, and to what extent those controls need to be deployed, enforced, monitored, etc. And those increase requirements appear to be here to stay
“Although we have seen some recent stabilization in the cyber insurance marketplace, it is not expected that insurance carriers will revert to “pre-2019” underwriting standards where these security control requirements were not demanded uniformly.”
Mario Paez
National Cyber Risk Leader at Marsh McLennan Agency
UPCOMING Webinar Registration
Thursday, December 8, 2022 | 12:00PM ET, 9:00AM PT
The Global State of Cyber Insurance
Risk never goes away.
Get expert insights and predictions about the state of cyber insurance and what you can do to obtain and maintain coverage.
JUST RELEASED!
The Global State of Cyber Insurance
Risk never goes away. The fact is, how a company manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance. It’s a difficult, ongoing challenge every corporate board, C-suite and IT department faces. That’s why we surveyed 500 global IT and corporate executives to gain insights into how they are managing risk to qualify for and obtain cyber insurance.
Additional Resources for Security Leaders
The Real Causes of the Rapid Cyber Insurance Rate Increase
Cyber insurance costs have risen 123% since 2020, discover the two underlying factors driving this increase and what that may mean for brokers.
Cyber Insurance Buyer’s Guide
The changes to the cyber insurance market and tips on how to qualify and maintain coverage.
Five Key Questions And Answers About Cyber Insurance
Cyber insurance is a must-have, but organizations are finding that cyber insurance premiums are more costly, policies are more difficult to obtain, and policies attach more limitations and exclusions than before.
Ready To Get Started?
We’re here to help. Reach out to schedule an introductory call with one of our team members and learn more about how Arctic Wolf can benefit your organization.
