Reducing Your Cyber Insurance Premiums

Insights into Cyber Insurance Market Trends and Ransomware

In this blog, we cover:

  • Ransomware and Cyber Insurance
  • The Latest Market Trends in Cyber Insurance
  • How to Reduce Your Cyber Insurance Premiums

Understanding the Relationship Between Cyber Insurance and Ransomware

A popular debate in the cyber insurance sector is whether cyber insurance is a factor in the number of ransom payments. It is sometimes suggested that having cyber insurance can incentivise organisations that have fallen victim to ransomware attacks to opt for ransom payments rather than exploring alternative remediation avenues.

A comprehensive year-long research initiative, led by the Royal United Services Institute (RUSI) in collaboration with esteemed institutions — the University of Kent, De Montfort University, and Oxford Brookes University — concludes that there is insufficient evidence to support the claim that cyber insurance significantly increases the likelihood of ransom payments.

Top Three Research Insights:

  1. Ransomware threats aren’t going away – Despite governmental and law enforcement efforts, ransomware is still a common threat. This is because it remains profitable for cyber criminals, with a low cost of entry and high potential rewards. Organisations also face challenges in securing themselves effectively, and this trend is seen across organisations of all sizes.
  2. Having Cyber Insurance doesn’t increase risk – Although there are claims that ransomware operators strategically target insured organisations, the research found that these claims are exaggerated.
  3. Don’t Rush to Pay – Payment doesn’t guarantee that you’ll get all of your data back, and it keeps ransomware profitable for cyber criminals. The research instead promotes good cyber hygiene to prevent cyber attacks and the adoption of industry-wide standards.

Are Ransom Payments the Problem?

The research doesn’t call for a complete ban on ransom payments or stopping insurers from providing coverage for them. Instead, it emphasises interventions that enhance market-wide ransom discipline, reducing the number and size of ransom payments.

The study also highlighted the growing role of cyber insurance in elevating cyber security standards, and how it is contributing to the broader resilience against cyber threats.

The Ever-Changing State of the Cyber Insurance Market

With an alarming surge of ransomware and phishing attacks in 2020, there were unprecedented losses for cyber insurers. As a result, the cyber insurance landscape has changed drastically over the last few years and has had knock-on effects for many organisations.

The Rising Cost of Cyber Insurance

In response to the escalating risks, cyber insurers took strategic measures to address the financial impact. The Betterley Report highlights a notable trend of premium increases throughout 2021, 2022, and 2023. Insurers, who were faced with mounting challenges, often adjusted premiums by significant margins, ranging from 50% to 100%.

Complex Risk Assessments

The process of applying for cyber insurance has only become harder. The Sophos Cyber Insurance Report states that 47% of organisations found the process more complex. Many insurers have revamped their risk assessments, requiring detailed questionnaires that dig deep into an organisation’s cyber security practices and defences.

Stricter Underwriting and Coverage Adjustments

Insurers are adopting stricter criteria, making it harder for organisations to qualify for coverage. Alongside this, there have been significant coverage adjustments to align policies more closely with the evolving nature of cyber threats. The Sophos Cyber Insurance Report highlights this trend with 40% of organisations reporting that fewer companies offer coverage.

Reducing Your Cyber Insurance Premium

There are several steps that organisations can take to better protect against cyber threats. Bolstering your cyber defences can make it easier to get cyber insurance, and could even lead to reduced cyber insurance premiums. These can be broken down into two main approaches: detecting and protecting.

Detect Your Cyber Weaknesses

The first step is to understand what security risks your organisation faces and how well prepared your organisation is.

Cyber Security Posture Assessment

The assessment looks at ten key areas your organisation should be focusing on, backed by National Cyber Security Centre (NCSC) guidance for UK SMEs.

Taking less than half an hour to complete, our Posture Assessment is completely free, and will review the most relevant aspects of your security posture.


Penetration Testing and Vulnerability Assessments

Penetration Testing is a way to identify vulnerabilities before attackers do, evaluate how effectively you can respond to security threats, assess your compliance with security policies, and improve the level of security awareness amongst your staff.

Protect Your Organisation

Once you have a clear understanding of where your cyber strengths and weaknesses lie, the next step is to protect your organisation. The Sophos Cyber Insurance Report found that almost all organisations (97%) with cyber insurance have made changes to their cyber defences to improve their insurance position.

Cyber Essentials

Cyber Essentials certified SMEs are 60% less likely to need to make a claim on Cyber Insurance.

Cyber Essentials is a government-backed initiative to help businesses just like yours to protect against the most common cyber threats.

Additionally, fostering a culture of cyber security awareness among employees is a formidable and crucial first line of defence, as social engineering and phishing are still amongst the most effective and common vectors for ransomware attacks.

CyberLab Control – Cyber Security as a Service

A single dashboard for all your cyber security needs. Protect your business from cyber threats with CyberLab Control – Cyber Security as a Service that delivers a suite of tools with expert guidance and support, all wrapped up in a user-friendly portal.

Managed Detection and Response

Organisations should also consider implementing advanced technologies for threat detection or partnering with a Managed Security Services Provider (MSSP) for services such as Managed Detection and Response (MDR).

Few organisations have the right tools, people, and processes in-house to manage their security program around-the-clock while proactively defending against new and emerging threats.

Unlike other MDR services which simply notify you of suspicious events, Sophos MDR provides an elite team of threat hunters and response experts to take targeted actions on your behalf to neutralise even the most sophisticated threats.

Take a look at the recent fireside chat hosted by Sophos with Measured Insurance for more insight into the positive relationship between MDR services and cyber insurance.

In Conclusion

Cyber threats aren’t going away, and the cost of cyber insurance is likely to continue to rise as the cover it offers decreases. Organisations should look to prevent cyber attacks by improving their cyber security, and as a result will also benefit from lower insurance premiums.

