Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Cyber Resilience Must Do More

A New Approach to Cyber Insurance Coverage

by Laura Hiserodt, Staff Writer

The disconnect between transferring risk through insurance and mitigating risk through security is causing the cyber insurance industry to experience significant price swings. After years of severe loss ratios at 60%-80%, insurers increased premiums by 94% from 2019 to 2022. In 2023, prices have dropped dramatically despite continued strong cybercrime trends from ransomware actors.

This whiplash makes planning for insurance incredibly difficult for organizations and hurts cyber insurance as a risk transfer tool. At Resilience, we’re taking a new approach to cyber insurance. Our policies work in conjunction with enhanced cybersecurity visibility, connecting our pricing and coverage to our clients’ unique risk profiles. This approach prioritizes aligning the risk transfer process with the organization’s overall risk management strategy and has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022.

Transforming Cyber Insurance to Meet Emerging Security Risks

The cyber insurance industry needs more historical data and is overwhelmed by brilliant threat actors who constantly change their threat tactics. This has made it an incredible challenge to predict risk, leading to volatility in incident costs. In 2023, ransomware payments surpassed the $1.1 billion mark, the highest number ever observed. This represents a significant increase from 2022, when ransomware payments were around $567 million, described as an “anomaly” compared to the overall upward trend.

The success of cyber insurance relies on data provided by cybersecurity, and risk mitigation relies on risk transfer to fill in any gaps. However, the cybersecurity field is losing faith in insurance solutions because of insurance's disconnect from the more technical aspects of cyber risk. The insurance industry largely operates on status-quo benchmarking and fails to recognize organizations’ unique risks, leading to coverage and pricing that do not adequately address the right risks for each company.

A deeper approach has become necessary as cyber risks grow in complexity. Cyber risk modeling is a relatively new field that allows insurers to quantify their clients’ risk exposure. However, for traditional insurers who do not collect client data to feed these models, this can be just as ineffective as benchmarking.

“Modeling cyber risk based on enhanced data visibility allows us to understand which threats matter most,” said Davis Hake, Co-Founder at Resilience. “Our data tells our clients how much loss their organization can handle through their coverage and reserves while sharing prioritized security recommendations to help their organization handle a breach without experiencing business interruption.”

Blending Insurance Coverage with Proactive Risk Management

At Resilience, our access to proprietary data models helps us offer coverage that addresses specific facets of our clients’ cyber risk. As underwriters, we base our policies on enhanced cybersecurity visibility, which comes from our expert assessments and analysis. These assessments consider the specific risk mitigation solutions that our clients have implemented to strengthen their risk posture.

Referencing these controls on the front end and throughout our client’s policy periods allows our policies to respond to client risk profile changes. As our clients improve their controls and overall cyber hygiene, our underwriters continuously reference this data to offer coverage that aligns with their changing environment.

Most cyber insurance companies issue policies during a one-time consultation with a risk manager, with questions answered by a security director and pricing based on industry benchmarking. Resilience takes a continuous approach to underwriting to adjust coverage based on improvements in the client’s security infrastructure.

This process requires a partnership approach between our experts across insurance underwriting, claims, cybersecurity, risk quantification, etc. Our teams of experts are available to offer incident response support, connections for consultations around notification requirements, and 24/7 claims expertise to help our clients recover from an incident without impacting their ability to deliver value.

Through this partnership approach, we have seen dramatic results; out of our client base that opted into Resilience’s risk management solution with continuous engagement from our security team, none of the ransomware victims elected to pay any extortion in 2022.

Enhancing Your Cybersecurity Strategy with Comprehensive Insurance Coverage

By providing this cross-departmental expertise, Resilience understands our clients’ risk profiles better than any traditional cyber insurance provider in the market. This provides stability to our clients and a real partnership for managing cyber risk together.

With Resilience, you gain more than just insurance; you achieve a proactive, adaptive strategy tailored to the unique challenges of your business. Experience the difference with Resilience and ensure your organization is protected and prepared. Request a demo today and see how our innovative approach to cyber insurance coverage can enhance your company’s resilience against cyber threats.
