A report released by Panaseer, a cybersecurity company, last week suggests that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims.
The 2022 Cyber Insurance Market Trends Report found that there is a lack of confidence in underwriting processes. Nearly one in 10 respondents admitted that they were ‘not that confident’ in their underwriting capabilities for cyber insurance. Only 44% of insurers said that they were ‘very confident’ in evaluating cyber risk.
When asked about the most significant factor when assessing a client’s security posture, 40% of respondents said cloud security. The next most significant factors were security awareness and application security. At the bottom of the list was identity access management and endpoint detection and response with just one in four insurance companies deeming these as important risk factors.
Almost nine in 10 insurers called for a consistent industry approach to evaluate client cyber risk. In the US, at the top of the risk assessment changes that insurers are planning over the next two years was requiring more detailed evidence of a client’s security posture. Followed by reducing customer numbers.
The report shows that cyber insurers are beginning to avoid offering cover for ransomware attacks. Interestingly, one in 10 UK respondents stated that they would exit the cyber insurance market within the next three years unless they could change preexisting risk assessment methods.
The largest ransom paid by an insurer in the US during the last two years was $3.52million, while the largest in the UK was £3.26million. The report showed a 27% increase in the cost of ransomware claims during the last two years, resulting in large payouts like these.
Manufacturing companies made the most cyber insurance claims, followed by financial services and healthcare, according to the report.
Panaseer surveyed 400 global insurers along with risk experts and CISOs to produce the study.