Why tougher cyber insurance rules could be a game changer


As ransomware attacks continue to gain steam, companies are recognizing the need to obtain cyber insurance. But as the nature of such attacks keeps evolving, along with shifts in the overall security market, there’s much to consider. 

In a recent report from Sophos, Dr. Jason R.C. Nurse, associate professor in cyber security at the University of Kent, explored three key trends that will impact the future nature of cyber insurance: 

Trend 1: The market will harden further (and that might be good) 

As more companies fall victim to ransomware and other attacks, cyber insurance is getting more expensive, and insurers are making companies go through more hoops. The good news is that insurers can play a big role in nudging companies toward better cyber risk management. 

“Once, fierce competition in the cyber insurance market meant businesses could often choose a competing provider with lower security requirements,” Nurse wrote. “Now that’s not so easy – and insurers’ influence over cyber practices could grow as a result.” 

Trend 2: More insurers are offering pre-breach security support 

A growing number of insurers are offering preventative cybersecurity support to reduce the chances of a breach. This adds value for the customer while reducing their own risk. It’s especially attractive for businesses with less formidable security resources that may not already have these measures in place, Nurse wrote in the report. 

Trend 3: Data collaboration could reveal dynamic risk details 

Cyber insurers need more data to quantify risks – and they’re building partnerships to get it. The result could be a more accurate and dynamic view of the immediate threat landscape. 

“Enhanced risk data could turn insurers’ security questions and requirements into a dynamic checklist helping businesses to tackle immediate threats,” Nurse wrote. “But be wary of focusing your defenses too narrowly.” 

In addition to Nurse’s report, the Sophos Guide to Cyber Insurance provides an overview into the state of the cyber insurance market and explains the different ways that cybersecurity can positively impact your insurance.  

That report, further outlined in this Naked Security article, outlines how having strong cyber defenses in place can help companies acquire the proper insurance. Naked Security’s Sally Adam offered these examples: 

  • Advanced protection is increasingly a requirement in order to get cyber coverage -- the building blocks of which include managed detection and response (MDR) services, endpoint or extended detection and response (EDR/XDR) technologies, and next-gen endpoint protection. 
  • Multi-factor authentication has quickly become a prerequisite for coverage, with insurers looking to ensure some of the most common security gaps are closed before they absorb the risk. 
  • Good cybersecurity can also help keep premiums down in the long term: by minimizing your risk of being impacted by a cyberattack you reduce the likelihood that you’ll need to call on your policy – and keep your policy renewal costs down. 
Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.