"Cyber Insurers Looking for New Risk Assessment Models"

Security researchers at Panaseer discovered that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims.  The researchers surveyed 400 global insurers, CISOs, and risk experts to conduct the study.  The researchers found a lack of confidence in underwriting processes.  Only 44% of insurers said they were very confident in evaluating cyber risk, with 46.5% warning that they were somewhat confident and almost one in 10 admitting that they were "not that confident" in their underwriting capabilities for cyber insurance.  The researchers noted that cloud security topped the list of factors when assessing a client's security posture at 40%.  Security awareness and application security came next.  Identity access management and endpoint detection and response, which is typically vital factors in avoiding phishing attacks and malware infection, came last, with just one in four cyber insurance companies considering these as important factors.  Almost nine in 10 insurers called for a consistent industry approach to evaluate client cyber risk.  In the US, requiring more detailed evidence of a client's security posture topped the list of risk assessment changes that insurers are planning over the next two years.  Reducing customer numbers was the second most likely measure.  The researchers warned that cyber insurers are beginning to avoid offering coverage for ransomware attacks.  According to the study, manufacturing companies made the most cyber insurance claims, followed by financial services and healthcare.

Infosecurity reports: "Cyber Insurers Looking for New Risk Assessment Models"