Cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims, said a report from cybersecurity company Panaseer released this week.
The 2022 Cyber Insurance Market Trends Report found a lack of confidence in underwriting processes. Only 44% of insurers said they were very confident in evaluating cyber risk, with 46.5% warning that they were somewhat confident and almost one in 10 admitting that they were ‘not that confident’ in their underwriting capabilities for cyber insurance.
Cloud security topped the list of factors when assessing a client’s security posture at 40%, according to the report. Security awareness and application security came next. Identity access management and endpoint detection and response – typically vital factors in avoiding phishing attacks and malware infection – came last, with just one in four cyber insurance companies considering these as important factors.
Almost nine in 10 insurers called for a consistent industry approach to evaluate client cyber risk. In the US, requiring more detailed evidence of a client’s security posture topped the list of risk assessment changes that insurers are planning over the next two years.
Reducing customer numbers was the second most likely measure. The report warned that cyber insurers are beginning to avoid offering cover for ransomware attacks. One in 10 UK respondents said they would exit the cyber insurance market within three years unless they could change their risk assessment methods.
The report cited a 27% increase in the cost of ransomware claims during the last two years, resulting in large payouts from insurers. The largest ransom paid by an insurer in the UK during that period was £3.26m, while the largest in the US was $3.52m.
Manufacturing companies made the most cyber insurance claims, according to the study, followed by financial services and healthcare.
Panaseer surveyed 400 global insurers along with CISOs and risk experts to produce the study.
You can also read this: EDF Under Scrutiny Over Cybersecurity Record