Cyber models falling behind risk curve, but carriers remain committed

Cyber insurance models may be ever less capable of handling rising security risks, enough to trigger widespread calls for change, but insufficient to chase many players from the field, a survey of US and UK insurers by security firm Panaseer has indicated.

Less than half of surveyed insurers claimed to be "very confident" in their cyber underwriting processes and 44% are only "somewhat confident," the survey showed. Some 9.5% are either "not that confident t" or "not at all confident," a figure that rises to 15% among UK respondents.

A full 74% of respondents across the two countries admit that their own "inability to accurately understand a customer’s security posture” is impacting price increases.

For a minority of respondence, the lack of confidence in risk modelling could eventual merit a backdown from the business line. Some 11% of UK respondents said they wouldn’t continue to offer cyber insurance in three years if their method of assessing risk did make a leap forward.

But a full 84% of survey respondents say they will hold the course, despite the palpable run-up in claims and the volatility in pricing and conditions that the rough and tumble market forces on players.

That market won't calm soon: 82% of insurers across the UK and US are expecting the rise in premiums to continue. Beyond their own doubts on underwriting, 78% of insurers blame the increasing cost of ransomware as a leading factor. The "increasing sophistication of cyber threat actors" is also at play, cited by 73% of participants, as are increased threats to software supply chains, named by 79%.

“The old way of doing cyber insurance is coming under pressure,” Panaseer security and risk expert Andreas Wuchner (pictured) said. “The industry needs a more mature approach to oversight, otherwise premiums will just continue to increase.”

Many of the insurer demands for change are focused on metrics. Some 87% or respondents seek a consistent industry-wide approach to analysing a customer's cyber risk using accurate security metrics and measures. This rises to 95% among US respondents. Similarly, 89% of insurers believe it would be valuable to have direct access to customer metrics and measures proving the status of their security controls.

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.