The newly released research data shows that the cost of blackmail software attacks is rising, significantly pushing up the online insurance premiums in the UK and the US.
In the past two years, the average expenditure of American cyber insurance has exceeded 3.5 million dollars. More and more cyber security insurance companies hope to directly obtain customer security indicators and measures. Panaseer’s report on the status of the cyber insurance industry shows that this helps to confirm the status of security controls.
However, it is difficult for insurance companies to accurately understand the security situation of customers, which in turn will affect the price rise.
Nik Whitfield, founder and chairman of Panaaseer, pointed out that 82% of the surveyed insurance companies expected premiums to continue to rise. He explained: “The increase in the cost of blackmailing software is pushing up the premium, and the increase in the number of attacks and successful attacks means that it is increasingly difficult to insure, and the premium is getting higher and higher.”
At the same time, 87% of the surveyed insurance companies hope to adopt a more consistent approach to analyze network risk. “Fundamentally, insurance companies need more comprehensive and detailed information to price risks – the questionnaire will not reduce risks.” Whitfield said, “It is necessary for insurers to accurately price risks to obtain real real-time data about their security status from customers, just as telematics brings to auto insurance.”
The survey found that the most important factor in assessing the security status of potential customers is their cloud security (40% of respondents mentioned this factor), followed by security awareness (36%), application security (32%), vulnerability management (31%), privileged access management (31%) and patch management (30%).
Whitfield pointed out that one of the potential challenges of the market may be that many organizations are very reluctant to hand over privileged information about the internal mechanisms of their security posture. “No one is willing to share their own security information with others, because it will bring security risks. In addition, it is also dangerous to expose private information about their own security status to others.”
In the worst case, some companies will not be able to obtain insurance because they cannot provide enough information to obtain reasonably priced insurance.
“In this case, they will have to do something more extreme, such as providing evidence and information, hoping to cooperate with insurance companies to improve their own security situation.” Whitfield pointed out. “This is the same as any type of risk: the insurance company thinks that the lower the risk, the cheaper your premium will be, and the easier it will be for you to obtain insurance. The network field is no exception.”
Pricing problem of network insurance market
The survey shows that many insurance companies have not yet figured out how to price online insurance: although 47% of respondents said they were “very confident” in the underwriting process, 44% of respondents were only “a little confident”.
“Some results are contradictory: on the one hand, they are confident in their model; on the other hand, they are not really sure that they know how to price.” Whitfield explained, “This situation will change over time. But we need to keep an open mind and communicate with the market on how to do this.”
Complicated, in the field of network security, the past has never been a good predictor. “For some types of risks, the past can give you a good grasp of what will happen in the future. But in the network field, that is not the case at all. Our competitors are very active. They can always use new tools, technologies and programs to access our environment, and they can always create new malware. New applications also emerge in endlessly. It is not feasible to use the past to predict the future. This is why it is difficult for insurers to price online insurance The reason for the risk. ”
Facing the increasingly complex global threat situation, with the increasing frequency and severity of attacks, insurance companies and brokers began to charge higher fees for insurance policies and set higher requirements. To ensure your enterprise data security, you should backup your data regularly. Vinchin offers solutions such as VMware backup for the world’s most popular virtual environments, XenServer backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, Oracle backup, etc.
Kaspersky carried out an investigation in October 2021 and released the research report in January 2022. The report shows that the trend of investing in online insurance is becoming increasingly clear, with 28% of respondents saying that their companies spend $25000 to $50000 annually to invest in online insurance.
In Whitfield’s view, the prospect of network security threats will first get worse and then better. “The risks faced by enterprises have been increasing. In the past few years, the number of data leaks and their costs have risen steadily.”
So, how can the insurance industry support the business and get returns at the same time? This depends on the partnership between the insured and the insurer, Whitfield explained. “I don’t think it can be achieved by one party alone. It needs to be solved by evidence, rather than sending a questionnaire to ask the organization’s opinion on the security situation.”
This means that insurance companies can efficiently and timely obtain hard data about the security situation of the organization, and have reliable high-quality data. “This will be a real revolution in the network insurance industry.” Whitfield said.