Here's what your organization needs to know about cyber insurance

An open padlock sits on a laptop keyboad. cyber insurance

Cyber insurance is increasingly complex owing to rapidly emerging and changing cyber threats Image: TheDigitalWay/Pixabay

Anna Sarnek
Director of Strategic Alliances, Valence Security
Larry Slusser
Vice President, Global Head of Professional Services, SecurityScorecard
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


Listen to the article

  • Losses from cybercrime are expected to rise from $8.44 trillion in 2022 to approximately $11 trillion in 2023.
  • The challenge facing insurance companies is quantifying the risk and complexity of measuring the cascading impact of a cyber attack.
  • Despite the increasing complexity in cyber insurance and rapidly evolving cyber threats, security leaders can minimize and even simplify risk assessments by focusing on four core areas.

Currently, 4.7 million experts worldwide work in the cybersecurity field trying to limit the global costs of cybercrime. Losses from cybercrime are expected to surge in the next five years, rising from $8.44 trillion in 2022 to approximately $11 trillion in 2023 and potentially reaching approximately $24 trillion by 2027.

Insurers provide cybersecurity recommendations and the insured look to insurers to understand the insurance needs. As such, it is critical to close the gap in both the insurers’ technical cybersecurity knowledge and their knowledge of how the insured’s organization is structured digitally to understand what is already deployed and what else is needed to increase security.

Have you read?

Incidence response (IR) is the process by which an organization handles a data breach or cyberattack. As insurers partner with technology and service providers, often to minimize costs, customers are losing the power to choose which IR firms they can work with and what technology providers they can implement.

In addition, how these recommended technologies are implemented is often not monitored in an ongoing way, which means the security of critical assets may not be continuous. Many insurance company claims teams are utilizing high volume digital forensic firms that, as a result, aren’t necessarily imaging all of the evidence in a case. The ramifications of the gaps created by this high volume digital forensics scheme have yet to be seen in this rapidly changing space.

Cybercrime has continued to rapidly increase in 2023 and cyber insurance cost increases have kept pace. According to a recent study of 3,000 cybersecurity and IT professionals, 95% of organizations that purchased a cyber insurance policy in the last year reported a direct impact of this trend on their cyber coverage:

  • 60% said it impacted their ability to get coverage;
  • 62% said it impacted the cost of their coverage;
  • and 28% said it impacted the terms of their policy.

While cyber insurance is a critical component of a risk-loss management strategy, the cost benefit is becoming more difficult to analyse owing to continued cyberattacks and increasing premiums. As the cost of premiums increase and organizations learn to implement better system backups, some have opted to invest more heavily in system recovery procedures over cyber insurance.

Cybercrime Expected To Skyrocket in Coming Years
Losses from cybercrime are expected to surge in the next five years Image: Statista

In addition to rising rates, insurers have introduced exclusion clauses into policies in an effort to minimize risk exposure. In the past two years, many cyber insurers have focused on potentially catastrophic cyber risk, including fallout from geopolitical conflicts and corresponding nation state activity. For example, Lloyd’s of London mandated new war exclusion wording, while Marsh continues to question insurers on clients’ behalf regarding their approach to war and cyber catastrophic risk.

The challenge facing insurance companies is quantifying the risk and complexity of measuring the cascading impact of a cyber attack. This monumental task is complicated by a rapidly evolving threat landscape. Without continuous monitoring and reassessments to analyse the insured’s internal environment, the risk quantification is considered static and difficult to predictably rely on.

Several IR cases point to Fortune 1000 organizations with eight-figure cybersecurity budgets that get compromised owing to poor implementation of tools and the lack of a critical asset inventory. Furthermore, appropriate internal and third-party access control continues to be a challenge for all organizations and something that cannot be surfaced by questionnaires and control checklists.

The Costliest Types of Cyber Crime. cyber insurance
What cybercrimes have led to the biggest financial losses? Image: FBI Internet Crime Report/Statista

Cyber risk management is being driven by advances in predictive aggregation models, improved cyber hygiene, ways to prioritize investments, greater information sharing between private and public entities, and increased government actions and regulations in support of a cyber resilient society.

While these advances can improve internal risk management, they rely on detailed, reliable and continuous data. There is often a gap between the quality and quantity of information available to the insurers and the insured. Consequently, questionnaires are becoming more lengthy and complicated for potential insureds to fill out, often muddling the understanding of the final cyber coverage for the insured.

Organizations can minimize and even simplify risk assessments by focusing on four core areas. These can be summarized in four core questions that will be asked by the IR team in the event of a breach:

What type of firewall is being used?

  • It is absolutely essential that a firewall be in place in any cyber defence structure. It is the drawbridge and fortified door guarding the castle.
  • Equally as critical is the need for at least 60 days of firewall logs, six months if possible. Just like security camera footage, firewall logs are vital evidence in a potential cyber incident.

How is the environment backed up?

  • Spending the money for quality back-ups is as important as cyber insurance premiums.
  • Ensure your back-ups are configured to be immune to any possible network intrusion or infection
  • Back-up length needs to be industry appropriate for the timeline and budget that your industry demands

Is there a multifactor authentication (MFA) in place for all users?

  • An MFA requirement for access to any company system is not optional and needs to be implemented so that it cannot be compromised without gross negligence.
  • This needs to apply to all departments and levels of employees throughout the company with a zero-exception policy.

Do you regularly verify who has access to your systems?

  • Having a system of changing passwords is not enough; you need to verify who has access to what systems and software at least quarterly.
  • The lowest level of access policies must be mandatory to ensure proper risk mitigation.The principle of least privilege (POLP) model is mandatory to ensure proper risk mitigation. POLP is a concept that limits users' access rights to only what are strictly required to do their jobs.
  • Having a tool that sends alerts when new accounts are created is a necessary cost to ensure unauthorized users can be identified immediately within the environment.

Despite the increasing complexity in cyber insurance and rapidly emerging and changing cyber threats, addressing these questions can help security leaders and cyber insurance providers alike bridge the knowledge gap between insurers and insured.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

FBI takes down army of ‘zombie’ computers. Here what to know

David Elliott

June 19, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum