Cyber Insights 2023: Cyberinsurance

The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more costly global nation state cyberattacks - and Lloyds of London announced a stronger and more clear war exclusions clause. Higher premiums and wider exclusions are the primary methods for insurance to balance its books - and it is already having to use both. One thing is certain: a mainstream, funds rich business like insurance will not easily relinquish a market from which it can profit. "Looking ahead," continued Wolff, "I think insurers and their policyholders are going to find themselves mired in a lot of fights about attribution and how to define what makes a cyberattack state-sponsored or catastrophic or uninsurable." Two things are certain: security defenders will have increased questions over the cost/return value of cyberinsurance, while insurers will be seeking new ways to ensure their market doesn't disappear. The insurers have one major advantage: insurance has been a staple part of business for centuries, and business leaders don't seem inclined to exclude it from security. Joseph Carson, chief security scientist and advisory CISO at Delinea, notes that his own firm's survey reveals 33% of IT decision makers applied for cyberinsurance due to a requirement from their board and executive management. He also notes that 80% had subsequently called upon that insurance with more than half doing so more than once. "As a result of more cyber insurance policies being introduced, and ultimately many businesses needing to use them," he comments, "The cost of cyber insurance is continuing to rise at alarming rates. I expect to see this continue in 2023.". "A very likely outcome of this," he continued, "Is that more companies will fall below the cybersecurity poverty line. With inflation currently over 8% - measuring 4x higher than the central bank's target rate of 2% - companies who hadn't planned for increased costs will find themselves with less money to spend on cyber, thus falling further below the CPL and finding themselves facing the hard decision on where to spend their next investment dollar." Firms will increasingly need to choose between cybersecurity mitigations or cyberinsurance - and neither of these options on their own will benefit the insurance industry. One option would be to become more granular in the cover it offers. This would allow coverage to be more tightly defined with fewer if any exclusions. Further, suggests Chris Gray, AVP of security strategy at Deepwatch, it would "Allow basic risk management into services while providing the ability to charge increased premiums for more upscale/impactful attacks." The Food Liability Insurance Program provides Insurance designed for small food businesses with gross annual receipts under $500,000. The Forward Contract Insurance Protection plan is a supplemental insurance that provides an indemnity for farmers unable to deliver contracted volumes. "Government intervention in the form of sanction insurance programs - a la TRIP, FLIP, FCIP, etcetera - is likely to evolve, with a significant discussion regarding coverage areas and their impact on national security," suggests Gray. One of the strongest likelihoods over the coming years is the growth of cybersecurity requirement impositions; that is, insurers will decline coverage unless the insured conforms to a specified security posture. Chris Denbigh-White, cybersecurity strategist at Next DLP, argues, "The notion of 'insuring away cyber risk' will become somewhat unrealistic. Insurance premiums, prerequisites and policy exclusions will no doubt continue to increase in 2023 which will have the effect of narrowing the actual scope of what is really covered as well as increasing the overall cost." The industry recognized that standard business insurance didn't explicitly cover against cyber risks, and cyberinsurance evolved to fill that gap. Comments Scott Sutherland, VP of research at NetSPI, "Insurance company security testing standards will evolve." It's been done before, and PCIDSS is the classic example. The payment card industry, explains Sutherland, "Observed the personal/business risk associated with insufficient security controls and the key stakeholders combined forces to build policies, standards, and testing procedures that could help reduce that risk in a manageable way for their respective industries." He continued, "My guess and hope for 2023, is that the major cyber insurance companies start talking about developing a unified standard for qualifying for cyber insurance. Hopefully, that will bring more qualified security testers into that market which can help drive down the price of assessments and reduce the guesswork/risk being taken on by the cyber insurance companies. While there are undoubtedly more cyber insurance companies than card brands, I think it would work in the best interest of the major players to start serious discussions around the issue and potential solutions." Mike McLellan, director of intelligence at Secureworks, adds, "The requirements on organizations wishing to obtain cyber insurance will become more and more stringent, and organizations that are unable or unwilling to comply will find coverage is declined." To even reach the stage of a defined cyberinsurance standard, the insurance industry will either have to get into bed with existing security vendors or become a cybersecurity company itself. The former is worrying - depending on the closeness of the relationship and the degree to which the vendor seeks to satisfy the insurance industry rather than its own customers - while the latter is doomed to failure. The more mature security vendors have been working for more than two decades on eliminating cyber threats with varying but ultimately little success. Whether or not a full cyberinsurance security standard emerges, there will be increasing cooperation if not collaboration between insurers and security vendors in 2023. "The borderless nature of networks, coupled with a threat landscape that is less predictable, necessitates the need for true risk quantification of companies' security controls now more than ever. With that, I expect to see more investment into quantifying cyber risk. This will drive better collaboration and data sharing between security companies," explains Jason Rebholz, CISO at Corvus Insurance. "Cyber insurance carriers will lean into partnerships with technology companies to fuse security data with insurance and risk modeling insights. The net result is more accurate risk quantification, which will in turn help keep policyholders safer." Breaches will continue and will continue to rise in cost and severity - and the insurance industry will continue to balance its books through increasing premiums, exclusions, and insurance refusals. The best that can be hoped for from insurers increasing security requirements is that, as Norman Kromberg, MD at NetSPI suggests, "Cyber Insurance will become a leading driver for investment in security and IT controls." An interesting comment comes from Jennifer Mulvihill, business development head of cyberinsurance and legal at BlueVoyant: "The underwriting process and the completion of an underwriting application are excellent ways to self-assess and consider the protection of assets from a cyber perspective. The information gleaned from these exercises is valuable information, not only for the CISO, but for the Board and CFO, and augments financial investments and regulatory compliance." Insurers could charge for the right to apply for insurance, but if a prospective customer must pay, that customer could simply pay a cybersecurity consultant for the same service and ignore insurance altogether. It is unlikely that the insurance industry will be able to balance its books through raising premiums and reducing payouts through increasing exclusions, nor yet eliminate claims through a required cybersecurity standard. "The bigger your business grows, the more challenging it will be to meet these requirements. More and more organizations were being dropped by providers throughout the last year, and going into 2023 there will likely be a trend of organizations being unable to receive coverage." "Will Cyber insurance become an expensive 'tick in a box' or will it deliver real value?" asks Denbigh-White. "Will it even remain a viable offering from insurance companies in 2023? While carrying cyber insurance is rapidly becoming a 'security prerequisite' for many organizations, its benefit in relation to cost and cover remain uncertain as we move into 2023.". "Insurance always wins!" Insurance will get more expensive, more difficult to get, and less likely to pay out. "As a result, more organizations may decide not to take out insurance at all, instead focusing on ploughing resources into protection. If this happens, we can expect to see insurance companies partnering with big consulting firms to offer joined up services." "Pointless it may be, if insurers are never going to pay out but buying cyber insurance may simply become a necessary cost of doing business - a box that must be ticked to demonstrate to shareholders that all steps are being taken to protect the business and ensure resilience and continuity."

This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 11:27:02 +0000


Cyber News related to Cyber Insights 2023: Cyberinsurance

Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
7 months ago Cyberdefensemagazine.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
8 months ago Securityzap.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
8 months ago Scmagazine.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
4 months ago Therecord.media
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
6 months ago Cyberdefensemagazine.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
10 months ago Securityboulevard.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
9 months ago Techrepublic.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
10 months ago Techrepublic.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 week ago Cyberdefensemagazine.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
9 months ago Cisa.gov
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
1 year ago Securityweek.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
10 months ago Darkreading.com
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
8 months ago Securityzap.com
Cybersecurity Tops 2024 Global Business Risks - The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business ...
8 months ago Cybersecurity-insiders.com
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too - An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year's price plateau in cyber-insurance premium costs will be short-lived, according to industry experts. While premium costs fell by ...
8 months ago Darkreading.com
The top cyber security news stories of 2023 - 2023 was a busy year for cyber criminals, making it tough to choose the top cyber security news stories of 2023. Cyber security professionals have had their hands full in protecting sensitive information and detecting breaches to ensure the safety of ...
10 months ago Securityboulevard.com
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
7 months ago Cybersecurity-insiders.com
AI Helps With the Implementation of Simulated Cyber Defense Techniques - We are going to emphasize the importance of using AI to simulate cyber threats to help both humans and machine learning tools prepare for them more effectively. To extend their understanding beyond conventional strategies, many organizations are now ...
9 months ago Feeds.dzone.com
Cyber Defense Magazine - The evolving landscape of cyber threats in our increasingly digital world calls for a strategic shift from traditional cybersecurity to a more encompassing and proactive approach: cyber resilience. Understanding the unique risk profile of your ...
7 months ago Cyberdefensemagazine.com
Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
9 months ago Blog.sekoia.io
75% Organizations Struggle with Recurring Cyber Attacks - In a time when advancements in technology rule these days, the constant risk of cyber attacks hangs over businesses all over the world. This study highlighted the difficulties Chief Information Security Officers encounter during cyber attacks. This ...
10 months ago Securityboulevard.com
Beyond Traditional Cyber Defences: The Rise of Outcome-Based Security In Modern Business - Cyber security is no longer just about keeping systems and devices safe, it's also become central in enabling business to achieve their strategic objectives. Paul Brucciani, Cyber Security Advisor at WithSecure™, has important information about ...
8 months ago Cyberdefensemagazine.com
Smashing Security Podcast Episode 306: What is the State of Cyber Security in 2020? - The recent pandemic has created a need for businesses to invest in cybersecurity more than ever. The popularity of digital communication and remote access has exposed organizations to more cybersecurity threats than ever before. Graham Cluley’s ...
1 year ago Grahamcluley.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)