Insurers see cyber insurance potential as threat increases

More than half (54%) of insurers in the UK expect to realise new revenue streams from cyber security plans as new research lays bare the nature of threat to insurers themselves.

The new report, from cloud computing firm iomart and forecasting company Oxford Economics, surveyed 500 UK-based cybersecurity decision makers. The findings suggest that insurers face a significantly higher risk to their own business than UK companies as a whole, with almost half (49%) of respondents reporting between 40 and 60 cybersecurity incidents in the last 12 months.

When analysing the type of threat, malware provides the highest concern to insurers, with 67% identifying it as the main threat to their cybersecurity. Nine in 10 insurers (90%) noted an increase in the price of premiums for cyber insurance in the last two years, amid concerns that smaller businesses will leave themselves exposed to risk.

As rising business rates and spiralling inflation cause businesses to reassess their priorities, there are warnings that some firms may be priced out of cybersecurity altogether. Smaller businesses, in particular, will have to decide between meeting the rising cost of cyber insurance or leaving themselves vulnerable – at a time when hybrid working and geopolitical events such as Russia’s invasion of Ukraine are raising the likelihood of attack.

Post-pandemic changes contributing to threat landscape

More than 60% of participants in iomart’s survey say the increased prevalence of remote working was moderately or significantly challenging.

Iomart CEO Reece Donovan says: “The changes we have all experienced in the last three years have left a lasting mark on the business landscape. There are few places we are seeing that more acutely than in cybersecurity.

“The ‘State of Cyber Security in the UK insurance industry’ report shows an ongoing increase in the number of breaches being suffered by organisations. And the results indicate that whilst there’s no one single reason for this, the insurance sector is suffering more than most. However, the data in the report clearly highlights the post-pandemic changes to the way we do business as contributing factors. The barrier to entry for cyber criminals is also much lower than it ever was. Someone can set up a devastatingly effective ransomware or malware business from their bedroom, for as little as £50. This means that all organisations, irrespective of their size, are now potential targets.

“The report also shows a higher-than-expected number of breaches. It indicates that insurers are facing a greater volume of threats than ever before and are more at risk than almost any other industry. These threats are far more complex and difficult to defend against than we’ve ever seen before. This is largely due to threat actors looking to exploit vulnerabilities that have emerged as a result of new trends such as flexible working.

“From these figures it is clear that the insurance sector has become a key target for threat actors. The combination of its regulatory obligations, and its central role in business and society, have no doubt highlighted the industry as a valuable opportunity for criminals. However, the industry is responding strongly. The evidence for this can be seen clearly in consistent investment, relatively high levels of confidence in threat repulsion, and the trend towards making cyber resilience a boardroom issue.”