Why are cyber premiums 'going gangbusters'?

'Carriers were not prepared' for ransomware-as-a-service

Tom Allen
clock • 3 min read

Five years ago carriers thought of cyber insurance as “stealing candy from babies” - but they were totally unprepared for how the market has changed.

Wes Spencer and a slide about the various areas of cyber insurance

The future is standardisation…and data

To limit payouts, carriers are beginning to bring in standardised minimum requirements across the industry. Five of the most common are:

  • MFA everywhere - including your CEO!
  • Segregated backups
  • Endpoint detection & response and ‘next-gen' antivirus
  • Patching and vulnerability management
  • Cybersecurity employee training

This doesn't necessarily apply to every company. If you're under $10 million revenue, insurance will normally be granted with minimal checks. The questionnaires start to come in between $10 million and $20 million; and above $20 million "they will go through your security with a fine-tooth comb."

At the end of the day, it all comes down to data. Premiums today are high because insurers don't know exactly how to assess risk - cyber insurance still being a relatively new industry - but "insurers are data nerds," and understanding is coming.

Whether that will lower premiums or not is anybody's guess.

You may also like
NCSC and insurers unite to fight ransomware threat

Threats and Risks

First rule: 'Don't panic'

clock 15 May 2024 • 3 min read
Cybersecurity Festival 2024: Four ways to cut your cyber insurance premiums

Finance

Certifications mean nothing without action

clock 08 May 2024 • 4 min read
'A generation of entitlement': Against Big Tech in the fight for talent

Careers and Skills

It's not all about the money any more

clock 01 May 2024 • 4 min read

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
clock 10 July 2024 • 3 min read