The Global State of Cyber Insurance | 2022

Risk never goes away. How an organization manages risk ultimately dictates its risk profile and its ability to obtain and maintain cyber insurance.

Explore highlights from our survey of 500 IT and corporate executives in North America, Europe, and South Africa and gain insights into how they are managing risk in order to qualify for and purchase cyber insurance.

Source: Arctic Wolf 2022 Cyber Insurance Survey

Motivations for Obtaining Cyber Insurance

“Over the past two to three years, cyber claims have become more frequent than what was seen in the past. Much of this can be attributed to the growth in cyber vulnerabilities for small to mid-sized businesses…It is essential that companies understand the insurance coverage they have purchased and how it can help.”

Linda Comerford

AVP of Cyber Services and Incident Response at AmTrust
The rise in ransomware incidents and payments is driving the desire for cyber insurance. In many cases, organizations are contractually required by their business partners to maintain certain levels to spread out the risk.
THIS MEANS:
Defending against ransomware is a risk management best practice and a business imperative.
Risk management best practice: 38%
Requirement of other insurance policy: 34%
Mandate from board of directors: 26%
(Motivations for obtaining cyber insurance among respondents of the Arctic Wolf 2022 Cyber Insurance Survey)

"Highly touted security controls that are often considered obligatory by cyber insurers, such as data loss prevention and cyber security awareness training, received much lower citations as key motivators."

- Arctic Wolf 2022 State of Cyber Insurance

"Cover Everything"

By Country

The number of respondents who fall into the “cover everything” category varies by country.
United States and Germany: 40%
Canada: 33%
South Africa: 30%
United Kingdom: 29%
Netherlands: 28%
Sweden: 24%
However, if you exclude ransomware, the “cover everything” numbers change drastically.
Canada: 42%
Sweden and South Africa: 38%
United Kingdom: 32%
United States: 30%
Netherlands: 26%
Sweden: 14%
2 out of every 3 organizations have had their cyber insurance policy for one year or less.

Crucial Controls

Respondents confirmed what insurance carriers and brokers have been asserting: implementing mission-critical cybersecurity controls can lead to lower rates. But there’s a disconnect between carriers’ most commonly required controls and the security controls that have the biggest impact on your organization’s risk — and your cyber insurance rate.
Required by Carriers
Insurance carriers and brokers often require, or at least strongly suggest, security controls that policyholders are expected to have in place in order to maintain their policies. Globally, the top five most common security controls requested by carriers are:

Anti-Virus Software: 47%
Virtual Private Networks (VPN): 41%
Cloud Monitoring Software: 26%
Firewalls: 23%
Multi-factor Authentication (MFA): 19%

Global Breakdown

The U.S. and U.K. tend to emphasize VPNs, anti-virus software, and cloud monitoring. Canada and the rest of Europe and South Africa go beyond just those three controls, however, by including firewalls, multi-factor authentication, and vulnerability scanning and management — providing a much broader set of controls to address potential vulnerabilities.

Controls that Impact Risk

However, just because these controls are commonly required, it doesn’t mean they have the biggest impact on your risk or policy rate. When asked which cybersecurity controls had the greatest effect on obtaining or renewing a cyber security insurance policy, respondents cited:
Email filtering: 31%
Multi-factor authentication: 27%
Cloud monitoring: 21%
While not on insurers' list of controls required to maintain coverage, email filtering is a top security control for reducing risk and thus for becoming a better insurance candidate.