The cyber insurance industry continues to be in a unique position to affect critical change within the information security industry. The number and type of claims emanating from third party incidents, such as claims from thousands of businesses affected by “industry” incidents like the MOVEit Transfer, Change Healthcare and CDK Global events, will be substantial – with significant economic impact to carriers. This impact clearly justifies additional inquiry into third party risk during the underwriting process. It highlights the need to require prospective insureds to have vendor management programs, and to provide proof of these programs during the underwriting process. Doing so will not only facilitate more secure networks, but will produce much better underwriting risks.

AI is supercharging cyberattacks, making them more sophisticated and rapid than ever before. As hackers leverage AI to enhance their capabilities, it’s imperative for organizations to elevate their defenses. Regularly testing and updating your cybersecurity measures is no longer optional — it’s essential. The stakes are higher, and staying ahead requires a proactive and rigorous approach to security, ensuring that your defenses are both robust and resilient against evolving threats.

We continue to see SME clients transform their business to be more reliant on digital systems while failing to understand the inherent risks that come from complex digital ecosystems. This becomes very evident during the recovery process for a client where it’s clear they haven’t planned for resilience in their digital platform nor practiced operating their business processes during a crisis scenario. Helping educate companies on their digital systemic risks and build a proper resiliency plan for the business is vital.

The cost of cyber insurance claims remains significant, making addressing the issues leading to high payouts crucial. The ~$40k gap and significant correlation between incident costs and payouts underscores the particular value of cyber insurance in mitigating issues, helping insureds avoid uncovered costs. Organizations must continue to move beyond a reactive stance and adopt a proactive, holistic approach to cyber risk.