The frequency of businesses filing multiple claims under their cyber insurance policies is on the rise. However, these policies are becoming costlier and offering reduced coverage.

In response to a surge in cyber incidents and the associated financial impact, insurance companies have elevated premiums and curtailed coverage, necessitating a reassessment of cyber insurance policies by organizations. This change highlights the dynamic nature of cyber threats and underscores the importance of companies ensuring they possess sufficient coverage to mitigate potential financial losses resulting from a cyberattack or security breach.

The “2023 State of Cyber Insurance” report from access-management firm Delinea reveals that, despite facing substantial premium increases of over 50% for 69% of surveyed companies in the past year, organizations are opting to maintain their cyber insurance policies. This trend reflects the recognition among businesses of the persistently evolving cybersecurity landscape and the importance of having adequate coverage in place. Furthermore, the report highlights that the rising cost of premiums and more stringent policy terms are mainly attributable to the fact that 80% of companies have filed at least one claim with their cyber insurance provider, with 47% having made multiple claims. These statistics underscore the necessity for companies to continuously evaluate their cyber insurance coverage and allocate sufficient budget resources to accommodate premium hikes.

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, notes that insurers have revised their pricing and premiums due to growing costs driven by frequent and impactful cyber incidents, particularly data breaches. This adaptation is crucial to align insurance policies with the increased cyber risks, ensuring their viability in the evolving threat landscape.

The cyber insurance landscape is undergoing a major transformation, marked by substantial premium hikes and reduced coverage. Just five years ago, insurers enjoyed a 32% loss ratio, meaning they paid out $32 in claims for every $100 in premiums earned. However, today, this ratio has jumped to 66%, reflecting a more challenging environment. Despite this, it still aligns with the profit margins seen in homeowner’s insurance premiums.

Coverage Concerns Grow

Cyber insurance has evolved from being seen as a catch-all solution to a more stringent and nuanced field. Many policies now require specific security protocols (43%), coverage may be voided after insider attacks (38%), and reporting incidents to the insurer first is often mandated (31%), according to the Delinea report. Smaller businesses with tighter security budgets face more difficulty in obtaining coverage, with 28% of small-business applicants being denied compared to 8% of larger companies. Despite premium increases, 81% of business leaders are budgeting for cyber insurance, a slight drop from 94% in 2022.

Enhanced Security Measures Driven by Cyber Insurance Applications

Many companies are finding a compelling reason to either invest in or maintain their cyber insurance policies, and it stems from the insurance application process and the stringent requirements set by insurers. The push for cyber insurance has prompted organizations to become more vigilant about their cybersecurity.

According to Delinea’s Carson, nearly all companies (96%) have acquired at least one new security solution to meet the criteria for policy approval from their insurers.

Carson notes that insurance providers have evolved, leveraging improved data and insights to identify the necessary measures for enhancing business resilience against cyberattacks. Consequently, their policies now demand better cybersecurity practices from companies as a prerequisite for insurability.

Since the cyber insurance application process entails a comprehensive onboarding procedure, businesses can expedite this by employing a cybersecurity framework like the NIST Cybersecurity Framework. Such frameworks aid in determining which security controls should be implemented. Additionally, most insurance policies mandate robust backup and recovery processes, as well as the adoption of multi-factor authentication.

Organizations that invest time in preparing for and conducting risk assessments as part of the cyber insurance application process gain a competitive edge. When faced with a cyber incident, their preparedness often results in a lesser severity of the incident, as they can promptly engage the resources offered by their cyber insurance policies.