Cyber insurance crisis to fuel enterprise shift in cyber protection
LONDON and NEW YORK, March 16, 2022 /PRNewswire/ -- Panaseer, an enterprise security company, today shares data on actions enterprises are willing to take to solve the escalating cyber insurance crisis.
In recent years the cyber landscape has been dominated by a sharp increase in ransomware attacks. According to SonicWall, ransomware attacks increased 105% in 2021 and Sophos' report, the "State of Ransomware 2021," revealed the average ransom paid is now $170,404 but remediation costs $1.85 million, ten times the size of the ransom payment, on average.
The increase in frequency and cost of ransomware attacks has made ransomware a board-level risk and put the cyber insurance industry under extreme pressure. This is evidenced by a recent survey Panaseer conducted with over 1,200 global enterprise security leaders – over four in five (84 per cent) respondents said their Board now wants to understand their ransomware protection levels. As such, nearly all (91 per cent) security leaders are reporting their ransomware protection levels to the Board. For 86 per cent of security leaders, ransomware protection is a budgeted 2022 priority.
The proliferation of ransomware has led to an increase in the frequency and value of cyber insurance claims. As such, many insurance providers have increased their premium prices and turned away prospects without sufficient cybersecurity precautions. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent.
These changes in cyber insurance practices are putting businesses in a difficult position, as cyber insurance is fast becoming a condition for doing business in certain sectors. According to Forrester, cyber insurance has even become the price of admission for the partner ecosystem. To resolve the issue, many insurers will want some form of verification that businesses are taking the correct cyber hygiene measures, so they can more effectively price and allocate cover, akin to the shift that took place in the automobile market with black box car insurance.
Panaseer's research shows that businesses are willing to make this shift, but they aren't ready yet. According to Panaseer's research, all the security leaders would be willing to demonstrate the strength of their cyber programme to cyber insurers, with data-driven metrics, if it meant they could reduce their cyber insurance premium. However, none of them are ready to do this immediately.
Just over a quarter of security leaders (29 per cent) believe they will be ready in the next 12 months, over half (57 per cent) hope to be ready in the next 13-24 months, with 14 per cent not sure when they will be able to share the data. The most prepared industry is financial services (46.5 per cent of respondents would be ready in the next 12 months), followed by healthcare (46 per cent), utilities (27 per cent), life sciences (21 per cent), energy (20 per cent) and lastly retail (13 per cent).
Nik Whitfield, Chairman, Panaseer: "In recent years, Ransomware has been the most high-profile risk in cybersecurity, which is why many Boards are concerned about its potential for disruption and damage. Thanks in part to the proliferation of ransomware claims during the Coronavirus pandemic, cyber insurers have also been forced to pay out on underpriced policies, pushing their portfolios towards being loss-making. The result is that the market has hardened, insurers have withdrawn and it's much tougher for customers to get insurance at all, let alone good value on a policy.
"The current, distressing situation in the Ukraine may well increase the cyber risk to companies, making it harder for underwriters to effectively price policies and even harder for companies to buy any cyber insurance cover.
"However, a positive by-product of insurers pushing back, is that it will become another driver for businesses to enhance their cybersecurity measurement. As insurers look to find a way to make cyber protection workable for both parties, organisations will need to improve the way they communicate their security posture. We're moving towards the era of evidence over opinion, hard data rather than subjective questionnaires."
For more information on how businesses can more confidently report on ransomware protection, with view to being able to prove the strength of their cyber programme, please see Panaseer's latest report: https://panaseer.com/reports-papers/report/ransomware-report/
About Panaseer
Panaseer is the first Continuous Controls Monitoring (CCM) platform for enterprise security. CCM is solving one of the biggest challenges in cybersecurity today – control failure. Enterprises do not know if their security controls are providing full protection at any given moment in time. Panaseer's CCM platform uniquely correlates data from all security tools to identify and measure missing assets and control gaps so that organisations can optimise security controls, tools, processes, and personnel.
CCM has become a required capability for regulated enterprises. Gartner has included Panaseer as an inaugural vendor in two Hype Cycles for emerging technology: in 2020, in the Continuous Controls Monitoring category under Risk Management, and in 2021 in the Cyber Asset Attack Surface Management (CAASM) category under Network Security. Recently, Momentum Cyber included CCM in its Cybersecurity Almanac, as a next generation technology that will shape the future of cybersecurity; they also included Panaseer as an inaugural vendor.
Panaseer's CCM platform was named as the 'Best Regulatory Compliance Tool and Solution' at the 2020 SC Awards Europe, and also received the Editor's Choice award from Cyber Defense Magazine for its 'Continuous Controls Monitoring platform.'
Panaseer clients include the world's largest institutions and enterprises. Total funding to date is $43 million and investors include: AllegisCyber Capital, National Grid Partners, Evolution Equity Partners, Notion, AlbionVC, Cisco Investments and Paladin Capital Group.
For more information visit: www.panaseer.com
Share this article