Easing Access to Cyber Insurance

Insurers find it hard to gauge each client's level of cyber risk. Managed security service providers (MSSPs) can provide client readiness reports. 


Cybersecurity Ventures predicts payouts from cybercrime victims will reach $10.5 trillion by 2025. Cybercrime has become the world’s most profitable non-government enterprise—larger than the illegal drug trade and larger than all but three of the world’s national economies. In this environment, companies large and small are turning to cyber insurance for protection. 

For insurers, though, it’s challenging to gauge each client’s level of risk. Understanding the risk from cyberattacks requires highly accurate assessments of each client’s security defenses, assessments that are increasingly difficult to obtain as cyber-defense technologies evolve and attacks become more complex.


Elements of Attack Prevention

The keys to good protection are visibility, threat detection, and rapid responses to attacks.

Visibility must include all IT and operational technology (OT) infrastructure, including the network, servers, endpoint devices, applications, cloud instances, and user behavior.

Threat detection mechanisms must be able to identify anomalous conditions and also to correlate multiple threat signals to reveal multi-vector attacks. (Most large cyber-attacks use a combination of tactics – tactics that may individually seem innocuous.)

Rapid responses are essential because the more time hackers have inside the infrastructure, the more damage they can do. Many large thefts of personal financial information from businesses like AT&T or Target weren’t discovered for months. Many cybersecurity tools now use AI to improve response time.

Insurers should strongly encourage clients to implement these mechanisms.


Gauging the Risk

For insurers, it’s essential to stay abreast of the evolving cybersecurity landscape (attack types as well as how they’re being defeated), and to have accurate sources of data that reveal each client’s readiness for cyberattacks.

Larger companies that staff their own security operations (SecOps) facilities can provide readiness metrics that show how and where attacks are occurring and how they’re being stopped. These reports are typically prepared for upper management by the IT managers or directors, but there’s no reason insurers shouldn’t have access to them, as well.

Small and mid-sized companies without the resources to staff a SecOps center may outsource the function to managed security service providers (MSSPs), and these services can also provide client readiness reports to insurers. Ideally, SecOps centers and MSSPs can be a bridge between insurers and prospective clients.

Insurers working with small or mid-sized companies can use MSSPs to open a new channel through which to reach potential customers, access expert regulatory compliance support, and create individually tailored coverage that meets their needs as well as their clients’ needs.

For potential clients, readiness reports and referrals to participating cyber insurance groups streamline the process of obtaining insurance.

By partnering with cybersecurity providers, insurers gain expert advice about whether potential clients are protected, along with direct access to a new funnel of prospective clients from providers those clients already trust.


Andrew Homer


Andrew Homer is vice president of technology alliances at Stellar Cyber.

Previously, he led technology partnership alliances at notable cybersecurity companies, including iboss, Morphisec, and RSA. Prior to that, Homer spent over 15 years at EMC. 

He holds a bachelor’s degree from the University of Massachusetts and an MBA from Babson College.
