Marsh: Just 58% of execs think Cyber Cover worth the expense
A new study conducted by Insurance giant Marsh and Microsoft has found that less than two thirds of company decision makers believe cyber insurance cover is worth the cost.
However, data also shows that this figure is up significantly on previous years, with 61% of the 650 respondents surveyed having purchased cover - a rise of 30% since 2019.
Cyber insurance is one of the fastest growing insurance sectors
According to a recent analysis by Vantage Market Research, the rise in cyber crime incidents has expediated market growth globally. The primary driver for cyber insurance cover is the rising rate of recovery of financial losses and as a result, the Global Cyber Insurance Market is predicted to rise in value to US$ 28.445 over the next five years at a CAGR of almost 29%
Comparatively, the growth rate is massive, as studies in 2019 showed the industry was worth $7,49bn.
Rise in cybercrime is driving insurance growth
As digital transformation has driven up business internet penetration globally, the incidence of cyberattacks and frauds such as the breach of personal data and confidential information like social security numbers, passwords, credit card numbers, and email addresses has risen sharply. Data suggests as many as eight billion records, including phone numbers, home addresses, and credit card numbers were exposed in various data breaches between January 2019 to April 2020.
Because attacks are rising so fast, the governments globally are swiftly implementing a number of cyber security measures that involve high fines and penalties for frauds and data breaches. These policies are fueling the expansion of the cyber insurance market across a number of globally significant marketplaces.
Research also shows that standalone cyber insurance solutions provide businesses with the ability to quickly provide compensation to the first and the third parties following financial losses from data breaches.
Greater cybercrime regulation enforced
Market adoption has also been driven by more robust cybercrime regulations, as certain controls have become a minimum requirement for a majority of insurers, with “potential insurability on the line” for those seeking cover.
Marsh stated that 41% of its respondents reported that insurer demands had motivated moves to enhance their current cyber control measures and even adopt new measures. Insurance "influences the adoption of best practices and controls,” the State of Cyber Resilience report said.
Marsh also reported that cyber risk management has become “a mishmash of roles and responsibilities” without “a clear leader for decisions around cyber insurance”. And this has compounded issues within companies seeking to improve their cyber protection. Companies with cyber insurance were also more likely to have undertaken additional protocols to strengthen security and have stricter controls in place.
The report also cited a number of recommendations that all companies should adopt that have recently come to light as a result of insurers being better equipped at identifying risks and incidences.
The recommended cyber insurance controls are:
- Email filtering and web security
- Logging and monitoring/network protections
- Secured, encrypted, and tested backups
- Patch management/vulnerability management
- Cybersecurity awareness training/phishing testing
- Multi-factor authentication (MFA) for remote access and admin privileged access
- Endpoint detection and response (EDR)
- End-of-life systems should be replaced or protected
- Hardening techniques including remote desktop protocol (RDP) mitigation
- Cyber incident response planning and testing
- Privileged access management (PAM)
- Vendor/digital supply chain risk management