The Global State of Cyber Insurance | 2022

The Global State of Cyber Insurance

Risk never goes away. The fact is, how an organization manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance.

Explore highlights from our survey of 500 IT and corporate executives in North America, Europe, and South Africa and gain insights into how they are managing risk in order to qualify and purchase cyber insurance.

Source: Arctic Wolf 2022 Cyber Insurance Survey

Motivations for Obtaining Cyber Insurance

“Over the past two to three years, cyber claims have become more frequent than what was seen in the past. Much of this can be attributed to the growth in cyber vulnerabilities for small to mid-sized businesses…It is essential that companies understand the insurance coverage they have purchased and how it can help.”

Linda Comerford

AVP of Cyber Services and Incident Response at AmTrust
The rise in ransomware incidents and payments are driving the desire for cyber insurance. In many cases, organizations are contractually required by their business partners to maintain certain levels to spread out the risk.
Defending against ransomware is a risk management best practice and a business imperative.
Animated Graph of 38 percent
Risk management best-practice
Animated Graph of 34 percent
Requirement of other insurance policy
Animated Graph of 26 percent
Mandate from board of directors
(Motivations for obtainnig cyber insurance among respondants of the Arctic Wolf 2022 Cyber Insurance Survey)

"Highly touted security controls that are often considered obligatory by cyber insurers, such as data loss prevention and cyber security awareness training, received much lower citations as key motivators."

- Arctic Wolf 2022 State of Cyber Insurance

"Cover Everything"

By Country

The number of respondents who fall into the “cover everything” category varies by country.
Animated graph 40 percent
United States and Germany
Animated graph 33 percent
Animated graph 30 percent
South Africa
Animated graph 29 percent
United Kingdom
Animated graph 28 percent
Animated graph 24 percent
However, if you exclude ransomware, the “cover everything” numbers change drastically.
Animated graph 42 percent
Animated graph 38 percent
Sweden and South Africa
Animated graph 32 percent
United Kingdom
Animated graph 30 percent
United States
Animated graph 26 percent
Animated graph 14 percent
2 out of every 3 organizations have had their cyber insurance policy for one year or less.

Crucial Controls

Respondents confirmed what insurance carriers and brokers have been asserting: implementing mission-critical cybersecurity controls can lead to lower rates. But there’s a disconnect between carriers’ most commonly required controls and the security controls that have the biggest impact on your organization’s risk — and your cyber insurance rate.
Required by Carriers
Insurance carriers and brokers often require, or at least strongly suggest, security controls that policyholders are expected to have in place in order to maintain their policies. Globally, the top five most common security controls requested by carriers are:

Anti-Virus Software


Virtual Private Networks (VPN)


Cloud Monitoring Software




Multi-factor Authentication (MFA)


GLOBAL Breakdown

The U.S. and U.K. tend to emphasize VPNs, anti-virus software, and cloud monitoring. Canada and the rest of Europe and South Africa go beyond just those three controls, however, by including firewalls, multi-factor authentication, and vulnerability scanning and management — providing a much broader set of controls to address potential vulnerabilities.

Controls that Impact Risk

However, just because these controls are commonly required, it doesn’t mean they have the biggest impact on your risk or policy rate. When asked which cybersecurity controls had the greatest effect on obtaining or renewing a cyber security insurance policy, respondents cited:
Animated pie chart 31 percent
Email filtering
Animated pie chart 27 percent

Multi-factor authentication

Animated pie chart 21 percent
Cloud monitoring
While not on the required list by insurers to maintain coverage, email filtering is a top security control for reducing risk and thus becoming a better insurance candidate.
While this might seem counter-intuitive, it shows that insurers are more interested in results to lower risk than to simply meet required controls.
Over the past 2-3 years, there’s been a dramatic shift in what security controls are needed to secure a policy, and to what extent those controls need to be deployed, enforced, monitored, etc. And those increase requirements appear to be here to stay
“Although we have seen some recent stabilization in the cyber insurance marketplace, it is not expected that insurance carriers will revert to “pre-2019” underwriting standards where these security control requirements were not demanded uniformly.”

Mario Paez

National Cyber Risk Leader at Marsh McLennan Agency


The Global State of Cyber Insurance

Risk never goes away. The fact is, how a company manages risk will ultimately dictate their risk profile and their ability to obtain and maintain cyber insurance. It’s a difficult, ongoing challenge every corporate board, C-suite and IT department faces. That’s why we surveyed 500 global IT and corporate executives to gain insights into how they are managing risk to qualify for and obtain cyber insurance.

Additional Resources for Security Leaders

Two people standing over a table looking at data.

The Real Causes of the Rapid Cyber Insurance Rate Increase

Cyber insurance costs have risen 123% since 2020, discover the two underlying factors driving this increase and what that may mean for brokers. 
Data center doors

Cyber Insurance Buyer’s Guide

The changes to the cyber insurance market and tips on how to qualify and maintain coverage.
Forrester® logo on abstract blue report background

Five Key Questions And Answers About Cyber Insurance

Cyber insurance is a must-have, but organizations are finding that cyber insurance premiums are more costly, policies are more difficult to obtain, and policies attach more limitations and exclusions than before.

Ready To Get Started?

We’re here to help. Reach out to schedule an introductory call with one of our team members and learn more about how Arctic Wolf can benefit your organization.