Dive Brief:
- The “vast majority” of cyber insurers plan to remain in the market over the next three years as the industry establishes an operations baseline to cope with very high claim volume, research from Panaseer released this week shows.
- There's underlying confidence in how insurers evaluate customers' security postures. Nine in 10 cyber insurance decision makers are either somewhat or very confident in the cyber insurance underwriting process.
- Yet, to keep up with demand, cyber insurers acknowledge the need to rethink the underwriting process. Nine out of 10 respondents want to create a consistent, metric-based approach to measuring an organization's cyber risk, the survey of 400 cyber insurance decision makers shows.
Dive Insight:
During the next two years, almost half of the 200 U.S. respondents said they want to require detailed evidence of an organization's security posture. More than one-third of the 200 U.K. respondents said the same.
But the cyber insurance market has not clearly defined what cybersecurity factors are most important when evaluating a security posture. Respondents placed a higher emphasis on cloud security and security awareness, but the report’s eight security domains remain tightly grouped together.
[Chart: Cyber insurers closely grouped the most important security posture factors]
Rather than adhering to a clear baseline of security standards, the cyber insurance field can change with the market's whims. The emphasis on cloud security, the report notes, is likely the result of companies moving to hybrid environments.
Meanwhile, endpoint detection and response tools, which can track the bevy of endpoints that create openings for threat actors in an enterprise environment, fell to the bottom of the factor list.
The reality is the tools employed for managing a secure environment are less important than the tactics. Recent reporting from Cybersecurity Dive shows that insurers want to see organized and proactive means for managing risk.
For now, it's up to individual organizations to define and implement the tools and standards required to defend against cyberthreats.