“As cyber insurers tighten their belts, insurance rates peak, new exclusions and stricter policy terms are set to drive a change in your security posture.” – Michael L, Incident Response & Operations Lead @ Aspire Technology Solutions.
The Aspire Cyber Security Team undertook a review of the current state of the cyber insurance market for Q2 2022. Key findings in this article highlight why cyber insurance is not a solution to improving your cyber security posture.
Cyber insurance rate peak
Aspire analysts have monitored the Marsh’ Global Insurance Market Index, focusing on the key drivers behind why insurance rates continue to rise, specifically in the UK market.
An insight into the typical cyber insurance rate increases by each quarter are below:
Along with the increase in premiums, came an increase in scrutiny from underwriters, new terms and more conditions to abide by, to reduce the overall liability from the insureds.
Increase in underwriting rigour
Source: Aon cyber insurance snapshot 2021 second edition – UK & EMEA
Aspire noted during the review of the Marsh UK Cyber Insurance Trends H1 2021 Report, that the number of cyber claims in the UK more than doubled, moreover, external threats and impact by extortion lead breaches were the leading cause of claim notification. [1]
In turn, this has called for a more diligent underwriting process from most insurers. Many insurers introduced supplemental applications by Q1 of 2021, such as implementing controls against key risks identified during a ransomware breach. [2]
In May of 2021, Axa insurance announced it would no longer write cyber insurance policies that cover ransom payments. Whilst Axa’s move at the time could be described as a bold approach to tackle the support of the ransom business model, AIG also now review organisations’ security posture to assess cyber insurance liability.
What Aspire predicts for Q3 2022
Aspires Security Operations Centre (SOC) predict a continued increase in premiums, following the trend of 2021. The key trend from our analysis of Q1 2022 and Q2 2022 so far highlights that there’s a shift in the appetite from cyber insurers to undertake a more rigorous assessment of potential customers, requiring them to demonstrate a more proactive approach to their cyber security portfolio, such as implementing MDR/SOC services, having an incident response plan or retainer, having the ability to perform digital forensics investigations etc.
How Aspire can help
Aspires SOC services are able to not only improve your cyber security posture and resilience, but also reduce your liability profile to potential cyber insurers. We offer a 24x7x365 MDR service, powered by Crowdstrike & Securonix, whilst also boasting access to our private data centre network across the UK, connected by our market leading UDC, giving you the best in market potential for resilience against modern cyber threats.
We can implement tailored incident response plans, managed next-generation EDR & SIEM, e-mail protection, vulnerability management and more. Explore our range of managed cyber security services here.
Michael Lamb