Yep, it’s that time of year again. The moment when that dreaded questionnaire from your Cyber Insurer lands on your desk like a ton of digital bricks. Suddenly, panic mode kicks in, and you’re transported back to those school days, facing an exam that seemed more daunting than Mount Everest. Remember how you used to play the skipping game with exam questions, hoping for a miracle to help you conjure up some brilliant answers? Yeah, it’s like déjà vu all over again.

In the face of increasingly frequent and severe cyber attacks, organizations with strong cybersecurity maturity are working hard to manage and mitigate their risk, while recognizing that these may no longer be enough.

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient. The topic of cyber insurance has been covered quite a bit here on this blog. From when cyber insurance first began as a concept, to the challenges it poses for organizations looking as their last resort after an attack, to changes in insurance policy and law.

Arctic Wolf and SC Media surveyed an audience of more than 500 North American IT security professionals in the fall of 2023 and discovered that, among those who currently have cyber insurance policies, 47% of them have had coverage for 12 months or less. A significant increase among the insured reflects the kind of growth one might expect from an industry that has seen monumental change in just a few short years.

New data from cyber insurance underwriters shows what they think the biggest threats will be in 2024 and what organizations should do about it. Because insurance underwriters analyse lots of risk data to make decisions about insurance premiums and policies, it makes sense to hear their perspective on 2024’s outlook will be. According to insurer Woodruff Sawyer’s Cyber Looking Ahead Guide 2024, there’s some good news and some bad news.

Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately.

As cyberattacks become more sophisticated, strong cybersecurity measures might not be enough to protect your organization. It’s not a matter of “if” cybersecurity incidents will occur but rather “when”. That’s why many organizations turn to cyber insurance for financial protection against cyber threats.

These statistics show that organizations struggled to maintain basic cybersecurity practices in 2023. But what can organizations do to improve their networks and help prevent attacks in 2024?