The largest ransom pay-outs by cyber insurers averaged £3.2m in the past two years
July 12, 2022
As cyber insurance becomes increasingly expensive, insurers in the UK and US are calling for more consistency, transparency and the ability to understand customers’ security posture in the wake of the ransomware crisis.
12 July, 2022, London and New York – Panaseer, an enterprise security company, today released its latest report on the state of the cyber insurance industry. The survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases. Insurers also see the increasing cost of ransomware as a leading factor (78%) affecting premium rises, with largest ransom pay-outs by insurers in the last two years averaging £3.26m in the UK and $3.52m in the US.
The cyber landscape is continuously evolving. Ransomware is now considered the greatest cyber threat to the UK, while the US was the most targeted region in 2021, accounting for 53% of all ransomware attacks globally. To help combat the ransomware crisis, Panaseer found that 87% of insurers want a consistent approach to analysing cyber risk, and 89% want direct access to customer security metrics and measures proving the status of security controls.
As explained by Andreas Wuchner, a cybersecurity and risk expert and advisor to Panaseer, “Metrics and measures will absolutely have a bigger role in insurance. There is a new market developing where insurers will offer a reduction on pricing if you provide a quarterly report through a specific security platform, because they know it’s a good product that helps to improve cyber hygiene. It is likely we will see the old way of doing cyber insurance coming under pressure, as there are smaller, more agile organisations capable of doing more and offering support.”
As premiums have risen and policies have tightened over the last five years, Panaseer’s research found that it is now the manufacturing, financial services and healthcare industries that are making the most cyber insurance claims. The research also found that 40% of insurers across the UK and US believe that cloud security is the most important factor when assessing a potential customer’s security posture. Yet, this is closely followed by Security Awareness (36%), along with Application Security (32%), Vulnerability Management (31%), Privileged Access Management (31%) and Patch Management (30%), highlighting that insurers expect to see evidence of a layered, multi-faceted approach to cybersecurity.
“Unfortunately there are no optional security measures”, says Nik Whitfield, Founder and Chairman of Panaseer. “Insurers expect organisations to have good cyber hygiene across a broad spectrum of security areas, both on-premise and cloud environments, with the evidence to prove it. That’s why transparent data and security automation is so important, because it’s hard for any organisation to be perfect at all these technical disciplines.”
Additional key findings from the research include:
- The increasing sophistication of cyber threat actors is another leading cause (73%) of rising premiums for cyber insurance, alongside the increased threat from cyber-attacks targeting software supply chains (79%), the cost of ransomware and the inability to accurately understand a customer’s security posture.
- Even if the current rate of cyber-attacks remains the same, the vast majority (84%) of respondents claim their organisations would continue to offer cyber insurance over the next three years
- While 47% of total respondents said they are ‘very confident’ in their underwriting process, 44% are only ‘somewhat confident’. Furthermore, 9% said they were ‘not that confident’ or ‘not at all confident’, rising to 15% among UK respondents.
For more detailed survey results, click here.