Is Cyber Insurance Worth The Rising Cost?
Advice for employers
This is a guest blog by Michelle Caulfield-Harris from Red Helix
Due to the escalating severity of cyber breaches, the average cost of a single attack in the UK has reached a seven-year high, amounting to £4.56 million. This surge in costs has had a profound effect on both the rates and requirements for cyber insurance. As the frequency and magnitude of payouts have risen, so has the price of cyber insurance, with a 66% increase observed in the third quarter of 2022, following a peak increase of 102% in the first quarter.
In addition to higher costs, insurers are imposing an ever-expanding checklist of prerequisites that organizations must fulfil to qualify for cyber insurance. It is no longer sufficient for companies to merely demonstrate they have taken some action to protect against cybercrime; proving that adequate protection is in place is now a mandatory requirement. Companies that cannot prove they have implemented adequate technical solutions and provided cyber security training to safeguard their networks may be denied coverage or have their claims rejected.
For businesses, this raises important questions. First, what are the eligibility criteria for cyber insurance, and what does it cover? Second, given the enhanced security measures required to qualify for coverage, is the cost of cyber insurance justified?
Eligibility for Cyber Insurance
Obtaining cyber insurance has become increasingly challenging and requires businesses to demonstrate robust security measures. While the specific requirements may vary, there are universal security measures that every business seeking insurance must have in place:
Endpoint Detection and Response (EDR): With the growing number of endpoints, EDR is essential to monitor, discover, investigate, and respond to threats across a network of devices.
Multi-Factor Authentication (MFA): MFA for business networks, emails, and applications is a common requirement for insurers.
Separate Backups: In the face of advanced attacks, having multiple backups in different locations is a prerequisite for cyber insurance.
Cyber Awareness Training: Regular training and assessment for employees to mitigate the risk of breaches through social engineering attacks are expected by insurers.
Penetration and Stress Testing: Demonstrating the ability of cybersecurity tools to withstand threats is crucial to insurers.
Zero Trust Network Access (ZTNA): While not yet universal, ZTNA is gaining popularity as a secure network access solution.
Is Cyber Insurance Worth It?
The value of cyber insurance depends on the specifics of the policy, including coverage, stipulations, limits, and the premium cost.
However, what is unquestionably valuable is maintaining robust cyber security measures that meet eligibility requirements for insurance. As the threat landscape evolves, businesses must adapt their security measures to protect themselves, their partners, and their customers. Cyber insurance requirements should not be the baseline for security; instead, they indicate the need to reassess protection levels.
The Bottom Line
In a landscape where cyber threats continue to evolve, businesses must keep evolving their security measures to protect themselves, their partners, and their customers.