According to a recent survey conducted by enterprise security company, Panaseer, the largest ransomware pay-outs by cyber insurers in the last two years has averaged £3.26 million in the UK and $3.52 million in the US.
The company recently released its latest report on the state of the cyber insurance industry, which highlighted the responses from the survey.
The survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases.
With the cyber landscape consistently evolving, ransomware is now considered to be the greatest cyber threat to the UK, while the US was the most targeted region in 2021, accounting overall for 53% of all ransomware attacks globally. Recent data compiled by analysts at Fitch Ratings showed that ransomware attacks are even becoming a growing risk for US Corporates.
However, to help combat the ransomware crisis, Panaseer found that 87% of insurers want a consistent approach to analysing cyber risk, and 89% want direct access to customer security metrics and measures proving the status of security controls.
Andreas Wuchner, a cybersecurity and risk expert and advisor to Panaseer, said: “Metrics and measures will absolutely have a bigger role in insurance. There is a new market developing where insurers will offer a reduction on pricing if you provide a quarterly report through a specific security platform, because they know it’s a good product that helps to improve cyber hygiene. It is likely we will see the old way of doing cyber insurance coming under pressure, as there are smaller, more agile organisations capable of doing more and offering support.”
Meanwhile, whilst premiums have risen and policies have tightened over the last five years, Panaseer’s research found that it is now the manufacturing, financial services and healthcare industries that are making the most cyber insurance claims.
The survey also showed that 40% of insurers across the UK and US believe that cloud security is the most important factor when assessing a potential customer’s security posture. This is closely followed by Security Awareness (36%), along with Application Security (32%), Vulnerability Management (31%), Privileged Access Management (31%) and Patch Management (30%), which highlights that insurers expect to see evidence of a layered, multi-faceted approach to cybersecurity.
Nik Whitfield, Founder and Chairman of Panaseer, commented: “Unfortunately there are no optional security measures. Insurers expect organisations to have good cyber hygiene across a broad spectrum of security areas, both on-premise and cloud environments, with the evidence to prove it. That’s why transparent data and security automation is so important, because it’s hard for any organisation to be perfect at all these technical disciplines.”
Furthermore, results from the survey also showed that even if the current rate of cyber-attacks remains the same, the vast majority of respondents (84%) claim their organisations would continue to offer cyber insurance over the next three years.
Lastly, 47% of total respondents said they are ‘very confident’ in their underwriting process, 44% are only ‘somewhat confident’, and 9% said they were ‘not that confident’ or ‘not at all confident’, rising to 15% among UK respondents.