Johannesburg, 01 Mar 2023
South African cyber insurers are putting more stringent risk-mitigation requirements in place, amending policies and reducing coverage in the face of a surge of costly cyber attacks worldwide.
These were among the findings of international research into the state of global cyber insurance, carried out by Arctic Wolf in partnership with Energize Marketing.
Jason Oehley, Regional Sales Manager: South Africa at Arctic Wolf, says the findings can be seen as an indication that the cyber insurance market is maturing.
“In much the same way that car insurance now focuses on low-risk behaviour and rewards, cyber insurers are now requiring that their policyholders build a strong cyber risk profile,” he says. “Those who mitigate risk effectively benefit from better cover and lower premiums.”
Oehley says cyber insurers, confronted with massive claims and growing risk, are making the requirements for cover more rigorous.
The survey found that globally, the top five security controls underwriters required to maintain or obtain a cyber security policy include anti-virus software (47%), implementing VPNs (41%), cloud monitoring software (26%), firewalls (23%) and multi-factor authentication (19%). However, there were noteworthy regional differences: while the US and UK tend to emphasise AV, VPNs and cloud monitoring, Canada, the rest of Europe and South Africa go beyond just those three controls by including firewalls, multi-factor authentication and vulnerability scanning and management, providing a much broader and more proactive set of controls to address potential vulnerabilities.
Few insurers currently require regular penetration testing, security awareness training, endpoint detection and response (EDR), security information and event management (SIEM) or data loss prevention. However, Oehley believes measures such as these will become increasingly important.
Coverage and expectations
The study notes that the global average cost of a data breach is $4.35 million, and in the US, the average cost is over $9.44 million. When faced with unrelenting cyber attacks, many organisations turn to their insurance company to cover their losses. But not all organisations are adequately protected, Oehley says.
The survey found that 99% of all respondents have a cyber insurance policy, with two-thirds of them having had their policies for under a year. Thirty-eight percent purchased the insurance because it is a risk management best practice.
Most survey respondents are not fully covered for all the costs of a breach, particularly the costs of business losses. In South Africa, only 30% of respondents said their insurance covered everything. Thirty-eight percent said their insurance excludes the ransom payment and 30% said theirs excludes other specific costs.
Arctic Wolf notes that to receive the best possible insurance cover at the most competitive cost, organisations will be expected to be able to demonstrate a history of preventing incidents and the ability to prevent, identify and mitigate ransomware attacks before they cripple the organisation.
“When customers build proactive, solid cyber security strategies with 24/7 eyes-on service, and vulnerability management and training built in, they see reductions of up to 30% in their premiums,” Oehley says. “The entire attack profile must be covered, so having an expert partner who builds the whole strategy and service and runs it for them is more beneficial than building it themselves.”
Arctic Wolf, in partnership with ITWeb, will host a webinar on 28 March to outline the emerging cyber threats of 2023, with insight into why insurance is not the only defence against cyber attack losses and how organisations should develop a proactive cyber security posture. For more information on this free event and to register, click here.
You can also download a report on The Global State of Cyber Insurance here.
Share