Growing Cyber Risk Means that Cyber Insurance Is Getting More Expensive

(July 21, 2021) Organizations carry insurance covering a variety of different risks, from general and professional liability to commercial property to business interruption. Given the ever-increasing threat of costly cyberattacks, cyber insurance is also becoming a business necessity. However, growing cyber risk means that cyber insurance is getting more expensive.

According to the Cyber Readiness Report 2021 from specialist insurer Hiscox, 43 percent of organizations were attacked in 2020, up from 38 percent the previous year. More than one-quarter (28 percent) experienced five or more attacks. More than one-sixth (17 percent) said the financial impact of cybercrime threatened the organization’s future.

Cyber insurance transfers some of that risk to the insurer, offsetting costs associated with the investigation and remediation of a security breach, along with crisis management, notification of affected individuals, and legal and regulatory issues. Some policies may also cover the costs of downtime, data loss, and business disruption.

However, cyber insurance was never meant to replace a comprehensive security strategy. A thorough risk assessment can help organizations focus their cybersecurity efforts and better evaluate the types of coverages that are available.

The Cyber Insurance Challenge

With global losses from cybercrime totaling almost $1 trillion in 2020, insurers are becoming less interested in providing coverage for cyber liabilities. In addition, the insurance industry has a very limited amount of historical data from cyber insurance policies, making it more difficult to predict losses and set rates and policy limits.

At the same time, organizations are becoming less likely to buy cyber insurance. The economic challenges associated with the pandemic have left organizations with a limited budget to purchase policies, despite the spate of cyberattacks. According to the Hiscox report, the number of companies globally with standalone cyber insurance policies inched up to 27 percent in 2020, from 26 percent the previous year. In the U.S., the number remained flat at 33 percent.

That’s unfortunate for companies that fall victim to attack and for the cyber insurance industry. In its 2020 Cost of a Data Breach Study, the Ponemon Institute found that organizations suffer losses of $3.86 million per incident, on average. Yet the total cyber insurance premium worldwide is estimated at just $5 billion, according to a report from Harvard Business Review. With such a small pool, insurers face significant exposure. A handful of insured losses could wipe out the industry.

Obtaining Coverage

Purchasing a cyber insurance policy can be beneficial, but there are a number of factors to consider. The first step is to understand the various costs of a security breach, which include expenses for data forensics, breach cleanup, notifications, legal fees, and regulatory fines. Business disruption and customer churn are more difficult to calculate but are an important part of the equation.

Next, organizations should carefully review various policies against potential risk to ensure they get adequate coverage. All policies have definitions, exclusions, thresholds, and other limitations. The fine print needs to be reviewed carefully with an eye toward any loopholes that might void coverage or allow the insurer to deny a claim.

Cyber insurance carriers are going to want assurances that an organization has certain baseline security measures in place. A qualified managed services provider (MSP) can assess the organization’s current cybersecurity infrastructure, perform a gap analysis, and implement tools and processes to better protect against threats. This helps reduce the risk of a breach and puts the organization in a better position to obtain the most cost-efficient coverage.

Cyber insurance is becoming a business necessity, but as premium costs rise organizations must carefully consider the risks to the business and how much liability can be shifted to the insurance company. A certified MSP can help evaluate specific risk mitigation approaches and lay the groundwork for obtaining coverage.


Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
