The rigors of qualifying for cyber insurance mean better defenses for the organization
The continued evolution of cyberattacks—and the growing threat they pose to businesses—inspired insurance innovators to invent a category for cyber. As an emerging submarket, the cyber insurance industry has had growing pains, with higher rates and restricted coverage keeping some organizations from buying. But that’s changing. The market has become increasingly buyer-friendly with more capacity and competition driving rate decreases.
Insurers Get Personal
But despite lower rates, many customers continue to see a rise in costs. Why? Because cyber insurance is getting personal. According to a Delinea report, “Not everyone gets the same insurance rate. Your rate is determined based on how risky the insurance company views you…Your risk is influenced by factors such as your technology stack, security controls, and history.”1 Like auto insurance, cyber insurance is fast becoming incentivized to encourage “good behavior.”
Reduced Risk = Better Insurance Outcomes
To qualify for insurance policies and exact the lowest rate possible, reduce risk. Organizations that successfully update their security capabilities see an advantage: 99.6% of those who invested in security controls saw a positive impact on their cyber insurance position.5 Benefits can include initial qualification, more favorable terms and pricing, and higher coverage limits.
Cyber Insurance Is Driving Positive Change
While Warren Buffett hasn’t bought into cyber insurance as a stable investment (yet),6 those of us steeped in technology and cyber spaces may measure pros and cons differently. Early reports show that cyber insurance customers are outpacing non-policy owners when it comes to keeping their businesses secure. The checklist to qualify for (reasonable) insurance rates is rigorous and ominous but can pay off in stronger defenses. Companies with coverage fare better in detection, response, and recovery.7 Forrester showed that 25% of global companies with standalone coverage were able to detect and respond to incidents in seven days or less, compared with only 19% of businesses with no coverage.8
Insurance Benefits for Compliance
Cyber insurance benefits can also include compliance support. Regulations such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the United States have put businesses in the hot seat for responsible data management and protection. Insurance benefits can cover regulatory fines and penalties, legal expenses, breach response and notification costs, and even reputation management after an event.
Raising the Bar on Recoverability
As the cyber insurance industry has matured, so has its scrutiny of how insurable a company is. Not only are security controls required, but they are beginning to hold companies accountable for their ability to recover quickly in the event of a successful attack—which insurance providers have learned is a “when, not if” proposition. On the flip side, for those deemed worthy of a policy, cyber insurance can help with recovery costs, which can include forensic investigations, data recovery, and system damage repair.
AI Is the New Bacon—It Makes Everything Better
Well, maybe not everything, but certainly cyber insurance. As insurers get more stringent and costs rise for many organizations, AI adoption can positively affect insurance rates. Fifty percent of organizations said their company was able to negotiate a lower cyber insurance rate by leveraging AI for purposes such as threat detection and monitoring.9
Useful Security Synergies
To use a common metaphor, if cybersecurity and cyber insurance are two legs of a stool, compliance can be viewed as the third. All three areas are synergistic, with improvements in one area driving positive change in the other two, creating a multiplier effect and strengthening an organization’s overall security posture.
Cyber insurance may only be 1% of the overall insurance market,10 and it’s far from perfect with some threats still not covered,11 but it’s early days yet, and this subsector is likely here to say.
- Legal Dive, Companies lean on AI in push to curb cyber insurance costs, Sept 2024
- S&P Global, Global Cyber Insurance: Reinsurance Remains Key To Growth, Aug 2023; referring article: Legal Dive, Companies lean on AI in push to curb cyber insurance costs, Sept 2024
- Omdia, commissioned by At-Bay, InsurSec Can Drive An Effective Proactive Security Strategy, Aug 2024
- Legal Dive, Companies lean on AI in push to curb cyber insurance costs, Sept 2024
- Risk & Insurance, Cyber Insurance Provides Both Carrot and Stick for Cyber Security, July 2024
- CNBC, Warren Buffett is worried about potential for ‘huge losses’ in booming, but still tiny insurance market, June 2024
- Forrester quote by Heidi Shey, Cybersecurity Dive, Insurance coverage drives cyber risk reduction for companies, researchers say, Aug 2024
- Forrester, The State of Cyber Insurance 2024, Aug 2024; referring article: Cybersecurity Dive, Insurance coverage drives cyber risk reduction for companies, researchers say, Aug 2024
- Legal Dive, Companies lean on AI in push to curb cyber insurance costs, Sept 2024
- CNBC, Warren Buffett is worried about potential for ‘huge losses’ in booming, but still tiny insurance market, June 2024
- Risk & Insurance, Cyber Insurance Market Growth Hindered by Uninsured Risks, April 2024