Cyber Insurers Focus on Required Minimum Defenses as Premiums Double
Recent attacks are helping cyber insurers better understand what security strategies need to be in place and how to price policies based on the risk those policies cover.
Remember, insurance companies are in business to stay in business. That means that while they are willing to share the risk with your organization, they’re not in the business of paying out on a claim without a fight. And because that’s not a good look for cyber insurers, it makes more sense for them to be proactive and do one or more of the following:
- Help to reduce the risk of attack by establishing what cyber defenses must be in place.
- Price policies across the board correctly, so there’s enough revenue to cover the percentage of claims that should be paid.
- Limit what attack scenarios are covered – sometimes specific down to the kind of attack, the role of the attacker, the role of internal employees in the attack, etc.
According to a recent Wall Street Journal article, cyber insurers are getting savvy at limiting risk. With premiums rising by 92% in 2021, according to reinsurance company Swiss Re, the focus now is on the impact an attack could have. Insurers are looking at which cloud providers the insured use and possibly requiring insureds to hold capital in reserve for worst-case scenarios.
In other words, cyber insurers are learning about the nature of cyber risk. While news of premiums hiking isn’t pleasing, in the end, it may be a necessary step until there’s enough data for insurers to determine what the risk reality looks like.
Until then, it’s up to organizations to continue to put up strong cyber defenses designed to keep attackers from succeeding – something that should include Security Awareness Training and possibly outsourced cybersecurity management.
Information used in this article was provided by our partners at KnowBe4.