How cyber insurers can raise the game in cyber resilience

Person in black long sleeve shirt suing MacBook Pro: Cyber insurers are uniquely positioned to encourage standards.

Cyber insurers are uniquely positioned to encourage standards. Image: Unsplash/Towfiqu Barbhuiya

Mike Wilkes
Adjunct Professor, New York University Tandon School of Engineering
Anna Sarnek
Director of Strategic Alliances, Valence Security
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


  • The cyber insurance industry’s role in ensuring a global ecosystem of cyber resilience is undermined by a lack of a standardized framework to measure their cyber resilience.
  • Increased demand for cyber insurance means insurers are positioned and incentivized to influence the implementation of cyber resilience standards as part of an improved risk assessment methodology.
  • Cyber insurers play an important role in improving cyber resilience through collaboration, improvement, monitoring and quality and intelligence.

The 2022 Russia-Ukraine War demonstrates that cyberattacks continue to grow with cyber threat weaponization becoming a tool to maximize impact on multiple businesses and critical infrastructures important to national economies. Ensuring cyber resilience is predicated upon effective risk identification and mitigation. So now, it is more important than ever for organizations to put on a “digital flak jacket.”

The cyber insurance industry has an important role in improving and ensuring a global ecosystem of cyber resilience. However, cyber insurers and insured organizations lack a standardized framework to measure their cyber resilience. Instead, they rely on industry benchmarks for resource allocation and antiquated techniques for quantifying cyber risk.

As cyber incidents increase in frequency and intensify in their disruptive impacts, it is clear that higher cybersecurity spending does not necessarily drive better cyber maturity. Insurers have intimately experienced the effects of immature risk assessment methods when insuring organizations over the past two years, as the top 20 cyber insurers have recently posted record high loss ratios.

With the increased demand for cyber insurance, insurers are now positioned (and financially motivated) to influence the implementation of cyber resilience standards as part of an improved risk assessment methodology.

There are several ways cyber insurers are essential in improving cyber resilience.

1. Collaboration

Cyber insurers can collaborate with governments, regulators and organizations to continuously improve and prioritize actions based on current exposures to attacks as they are uniquely positioned to adopt cyber-resilience best practices and observe good security hygiene and behaviour.

Not only can they provide the right incentives to encourage resilient conduct but they are also financially invested in mitigating society’s cyber risk across sectors and geographies. As a result, their balance sheets are intrinsically linked to the cybersecurity success of others.

Standardizing cyber risk measurement techniques and governance principles is a win-win for insurance and society.

Have you read?

2. Suggesting improvement plans

Cyber insurers can also encourage organizations to follow the order of operations by suggesting improvement plans.

Providers perform assessments of an organization’s security posture to define the premiums. For that, they have access to multiple aspects of internal information such as security incidents, breaches and claims data that may not have been made public.

Based on that information, cyber insurers define their premiums and contracts and could also define improvement objectives that incentivize positive security actions.

Incentives like a review of premiums and discounts for consistently strong security postures for the insured could have a large impact.

3. Monitoring and quality assurance tools

Cyber insurers can apply continuous monitoring practices and tools to ensure enhanced cyber posture through metrics like security ratings.

Continuous monitoring minimizes cyber risks and increases the understanding of the cybersecurity ratings of an insured entity at the time of a breach or incident. Overlaying these kinds of insights and crucial discoveries about the type of breach or incident that occurred and the impact categories outlined in the claims will provide unique insight.

For example, discovering any correlations between an entity type (e.g. industry and size), the entity’s cyber maturity rating, and the impact of the breach on the business that resulted in a claim to the insurer (or multiple insurers in some cases) is an invaluable improvement to our knowledge of risk indicators.


How is the Forum tackling global cybersecurity challenges?

Aggregating and anonymizing analytics of claim data should surface strongly correlated indicators, patterns and emerging trends. This data can be used as legitimate leverage during premium negotiations with the insured of both the annual and post-incident kinds.

It is clear that insurers are well-positioned to influence organizations to achieve cyber resilience. They can achieve this through leveraging the possibility of continuous underwriting, where insurers regularly monitor the risk posture of the insured. This type of active oversight can be influential for proactively coaching clients on the best ways to avoid cyber incidents.

Armed with data-driven risk models, insurers can motivate the insured to improve their controls, improving their cybersecurity risk rating and resilience in the context of a constantly evolving risk landscape.

4. Using and sharing intelligence

Cyber insurers can use and share the intelligence with ecosystem players and law enforcement during an incident to speed reaction and reduce recovery times, thereby minimizing risk.

As already mentioned, providers have unique access to security incidents, breaches and claims data that may not have been made public. It would be irresponsible for insurance providers to keep this information from informing regulatory policy, cybersecurity practices and incident response.

Indicators of Compromise (IoCs) are routinely shared among ISACS (Information Sharing and Analysis Centers) in the US, Europe and Asia to aid in the collective resilience of an industry or sector such as oil and gas, financial services or retail/hospitality. STIX and TAXII (now in version 2.1 as of June 2021) are structured data sharing protocols for this purpose.


Perhaps the major firms should seek out similar ways to build communities of insurance practitioners who can benefit from aggregated and anonymized TTPs (Tactics, Techniques and Procedures) and corresponding data for breach events or business disruptions. When more in-depth threat intelligence feeds from security vendors are added to this core of event and threat actor information, we just might be helping give rise to a collective defense capability that is truly resilient and robust.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

These sectors are top targets for cybercrime, and other cybersecurity news to know this month

Akshay Joshi

April 22, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum