Cyber risk is everywhere. From credential theft to misconfigurations to vulnerabilities and even phishing attempts, there are cybercriminals poking and prodding at organizations from every angle. This means that organizations not only need to up their cybersecurity, but they also need to think about it in terms of risk and how to holistically mitigate that risk — from identifying threats to protecting against them and responding to them.

Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.”

Insurance companies are among the businesses more reliant than ever on technology and information systems for daily processes. Insurance technology, or insurtech, improves the efficiency of the insurance industry but can also increase attack surfaces, making the data insurers collect more vulnerable to theft.

A new report highlights the direct connection between how strong your organization’s security stance is and how easy it is to obtain cyber insurance. Like any insurance policy, the insurer has figured out the indicators of risk and includes a form of assessment when considering issuing you a policy. When you want to obtain car insurance, they ask about your driving record, where you live, and even what your credit score is – all to determine how much of a risk you are.

As cyber attacks continue to grow in sophistication, frequency, cyber insurers are expecting their market to double in the next two years. I’ve spent a lot of time here on this blog educating you on attack specifics, industry trends, and the impacts felt by attacks. I’ve also talked quite a bit about cyber insurance and the trends therein. But seldom have we been able to combine the two and present the state of cyber attacks from an insurer’s perspective.

I get the WSJ Cybersecurity newsletter, which by the way is warmly recommended. Kim Nash today reported a shocker which will make everyone's insurance premiums go even further up: "Six years after the worldwide NotPetya cyberattack, a court ruled insurers for Merck & Co. must help cover $1.4 billion in losses. New Jersey appellate division judges rejected the insurers' argument that the 2017 attack, which U.S.

Most cybersecurity professionals know that cyber breaches increase each year. So it’s no surprise that the cybersecurity insurance business also keeps growing briskly. According to data from Markets and Markets and Polaris Market Research, the cyber insurance market swelled to $11.9 billion worldwide in 2022, up from $10.1 billion the previous year, and is projected to grow to more than $29 billion by 2027.

In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed. Cyber insurance should be seen as an absolute last resort and shouldn’t be seen as a sure thing (in terms of a claim payout).