Three-quarters of insurers across the US and UK agree that their inability to accurately understand customers' security posture is impacting cyber insurance price increases, a survey has uncovered.
The poll of 400 decision makers in cyber insurance also found that 82% expect premiums to continue to rise, with 78% citing the cost of ransomware attacks as a leading driver.
The largest average ransom pay-outs by insurers in the last two years cost £3.26m in the UK, and $3.52m (£2.93m) in the US, with the latter accounting for 53% of all ransomware attacks globally.
To help tackle the issue, 87% of insurers said that they want a consistent approach to analysing cyber risk, and 89% want direct access to customer security metrics and measures proving the status of security controls.
Andreas Wuchner, a cybersecurity expert and advisor to security firm Panaseer, which carried out the research, said that metrics and measures will “absolutely” have a bigger role in cyber insurance going forward.
“There is a new market developing where insurers will offer a reduction on pricing if you provide a quarterly report through a specific security platform, because they know it’s a good product that helps to improve cyber hygiene,” he continued.
“It is likely we will see the old way of doing cyber insurance coming under pressure, as there are smaller, more agile organisations capable of doing more and offering support.”
The findings also show that it is now the manufacturing, financial services and healthcare industries that are making the most cyber insurance claims.
Furthermore, the research found that 40% of insurers across the UK and US believe that cloud security is the most important factor when assessing a potential customer’s security posture.
This is closely followed by security awareness, application security, vulnerability management, privileged access management and patch management, highlighting that insurers expect to see evidence of a layered, multi-faceted approach to cybersecurity.
“Unfortunately there are no optional security measures”, said Nik Whitfield, founder and chairman of Panaseer. “Insurers expect organisations to have good cyber hygiene across a broad spectrum of security areas, both on-premise and cloud environments, with the evidence to prove it.
“That’s why transparent data and security automation is so important, because it’s hard for any organisation to be perfect at all these technical disciplines.”
Author: Chris Seekings