Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber-insurance policies in the UK and US, new data shows.
With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cybersecurity insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber-insurance industry.
However, insurance firms are struggling to accurately understand a customers security posture, which is in turn affecting price increases.
Nik Whitfield, founder and chairman of Panaseer, notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive, he explains.
Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analyzing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires arent going to cut it, Whitfield says. Having real live data coming from a customer about their security posture is whats going to be required for them to accurately price risk, in the same way that telematics did for car insurance.
The survey
found that the most important factor when assessing potential customers security posture is their cloud security — cited by 40% of survey respondents — followed by security awareness (36%), application security (32%), vulnerability management (31%), privileged access management (31%), and patch management (30%).
One of the likely challenges in the market, Whitfield points out, is the high degree of hesitancy many organizations may have about handing over privileged information about the inner workings of their security posture. No one wants to share their security information with anybody else because that creates a security risk, and it feels vulnerable to expose intimate information about your security posture to others, he says.
Worst case, there will be companies unable to get insurance because they cant provide sufficient information to get reasonably priced insurance, according to Whitfield.
In those cases, they will have to do something more extreme, such as providing evidence, information, and hopefully work with their insurer to improve their security posture, Whitfield notes. Its like any type of risk — the better the risk looks to the insurer, the better your premiums and the easier it will be to get insured. And itll be no different in cyber.
The survey indicates that many insurers dont yet have the answer to how to price cybersecurity insurance: While 47% of total respondents said they are very confident in their underwriting process, 44% are only somewhat confident.
Theres some conflicting results that show on the one hand, theyre confident in their models, but on the other hand, theyre not really confident that they understand how to price it, Whitfield explains. This is going to evolve over time. But there needs to be an openness and awareness and a conversation with the market about how to do this.
Complicating matters is that the past is never a good predictor when it comes to cybersecurity. For some kind of risks, the past can give you a good handle on whats going to happen in the future, he says. In cyber, its just not the case. We have active adversaries. We have new tools, techniques, and procedures to gain access to our environments, new malware, new applications. The past is no predictor of the future. And thats what makes it so difficult for them to price this.
Insurers and brokers are
charging more for policies
and setting higher requirements as they face an increasingly complex threat landscape that has taken on a global nature, while the frequency and severity of attacks are increasing.
A
Kaspersky study
released in January 2022 and conducted in October 2021 indicated investing in cyber insurance is a growing proactive trend; 28% of respondents said their company annually invests anywhere from $25,000 to $50,000 per year.
From Whitfields perspective, the outlook for cybersecurity threats is going to get worse before it gets better. The risk to businesses has been increasing, and the number of breaches and the cost of a breach has been rising steadily in the last few years, he says.
So, how can the insurance industry both support business and make a return at the same time? It will take a partnership between the insured and the insurer, he explains. I dont think it could be forced by one party or the other, and it needs to be settled with evidence rather than a questionnaire finding out what the opinion of an organization is about a security posture.
That means insurers getting hard data about an organizations security posture, provided in an efficient, timely way, and with high-quality data that can be relied on. That will be the real revolution in the cyber-insurance industry, Whitfield says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Ransomware Scourge Drives Price Hikes in Cyber Insurance