Panaseer, an enterprise security company, shares data on actions enterprises are willing to take to solve the escalating cyber insurance crisis.
In recent years the cyber landscape has been dominated by a sharp increase in ransomware attacks. According toย SonicWall, ransomware attacks increased 105% in 2021 and Sophos’ report, the “State of Ransomware 2021,” revealed the average ransom paid is nowย $170,404ย but remediation costsย $1.85 million, ten times the size of the ransom payment, on average.
Top iTechnology Cloud News:ย MongoDB Expands Global Collaboration with AWS
The increase in frequency and cost of ransomware attacks has made ransomware a board-level risk and put the cyber insurance industry under extreme pressure. This is evidenced by a recent survey Panaseer conducted with over 1,200 global enterprise security leaders โ over four in five (84 per cent) respondents said their Board now wants to understand their ransomware protection levels. As such, nearly allย (91 per cent) security leaders are reporting their ransomware protection levels to the Board. For 86 per cent of security leaders, ransomware protection is a budgeted 2022 priority.
The proliferation of ransomwareย has led to an increase in the frequency and value of cyber insurance claims. As such, many insurance providers have increased their premium prices and turned away prospects without sufficient cybersecurity precautions.ย According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent.
These changes in cyber insurance practices are putting businesses in a difficult position, asย cyber insurance is fast becomingย a condition for doing business in certainย sectors.ย According to Forrester,ย cyber insurance has even become the price of admission forย the partner ecosystem. To resolve the issue, many insurers will want some form of verification that businesses are taking the correct cyber hygiene measures, so they can more effectively price and allocate cover, akin to the shift that took place in the automobile market with black box car insurance.
Top iTechnology IOT News:ย Senet and GRiT Technologies Bring LoRaWAN IoT Connectivity to Ohio River Valley
Panaseer’s research shows that businesses are willing to make this shift, but they aren’t ready yet. According to Panaseer’s research, all the security leaders would be willing to demonstrate the strength of their cyber programme to cyber insurers, with data-driven metrics, if it meant they could reduce their cyber insurance premium. However, none of them are ready to do this immediately.
Just over a quarter of security leaders (29 per cent) believe they will be ready in the next 12 months, over half (57 per cent) hope to be ready in the next 13-24 months, with 14 per cent not sure when they will be able to share the data. The most prepared industry is financial services (46.5 per cent of respondents would be ready in the next 12 months), followed by healthcare (46 per cent), utilities (27 per cent), life sciences (21 per cent), energy (20 per cent) and lastly retail (13 per cent).
Nik Whitfield, Chairman, Panaseer: “In recent years, Ransomware has been the most high-profile risk in cybersecurity, which is why many Boards are concerned about its potential for disruption and damage.ย Thanks in part to the proliferation of ransomware claims during the Coronavirus pandemic, cyber insurers have also been forced to pay out on underpriced policies, pushing their portfolios towards being loss-making. The result is that the market has hardened, insurers have withdrawn andย it’s much tougher for customers to get insurance at all, let aloneย good value on a policy.
“The current, distressing situation in theย Ukraineย may well increase the cyber risk to companies, making it harder for underwriters to effectively price policies and even harder for companies to buy any cyber insurance cover.
“However, a positive by-product of insurers pushing back, is that it will become another driver for businesses to enhance their cybersecurity measurement. As insurers look to find a way to make cyber protection workable for both parties, organisations will need to improve the way they communicate their security posture. We’re moving towards the era of evidence over opinion, hard data rather than subjective questionnaires.”
Top iTechnology Automatoin News:ย Renesas Releases Next-Generation WPC Qi 1.3-Certified Reference Design for Automotive In-Cabin Wireless Charging
[To share your insights with us, please write toย sghosh@martechseries.com]
