Tackling the Surge in Cyber Premiums

Cyber insurers are learning, but clients must also act: They must adopt an aggressive and comprehensive approach to cybersecurity.


--Client organizations must implement regular security assessments, vulnerability management and continuous monitoring.

--They must set up controls, such as multi-factor authentication, to make it harder for criminals to compromise privileged identities in corporate networks.

--Clients need to prepare well-defined plans to respond to any cyber incident.

--And they must build strong relationships with insurers and regularly discuss industry trends.


In the face of continuously evolving and increasingly prevalent cyber threats, organizations have recognized the importance of cyber insurance as a crucial risk management tool. However, a recent survey conducted by Delinea shed light on one prominent challenge organizations encounter when seeking cyber insurance coverage – fluctuating costs.

The survey revealed that 75% of respondents said their cyber insurance premiums increased at their last renewal. U.S. cyber insurance premiums reportedly surged 50% in 2022.

The jump is primarily driven by the rising demand for coverage in light of frequent and costly cybercrime incidents. In 2022, the FBI reported that businesses had lost over $43 billion through business email compromise attacks since 2016.

With the frequency and sophistication of cyberattacks on the rise, insurance providers have been compelled to raise premiums and impose stricter requirements to maintain their economic viability. Some companies have reduced coverage caps or limited the number of policies they offer. Consequently, client organizations face greater challenges when attempting to secure the necessary coverage.

But cyber insurers have evolved and learned from past cyber incidents, which means policies are improving and risks are better understood.

To do their part, client organizations must understand that cyber insurance is a financial safety net and not security itself. Organizations need to adopt an aggressive and comprehensive approach to cybersecurity. Cyber insurance does not make your cybersecurity better, but it may force you to reduce your risks to meet the insurance requirements.  

Combat Rising Cyber Insurance Premiums

Here are a few strategies organizations can implement to combat rising cyber insurance premiums:

Proactive Cybersecurity Measures: These include regular security assessments, vulnerability management and continuous monitoring. 

Privileged Access Management (PAM): Insurers are increasingly emphasizing the importance of PAM in cyber insurance evaluations. Compromised privileged identities are the most common cause of data breaches, making securing privileged access critical to reducing risk. Implementing PAM controls, such as multi-factor authentication, password management, access control and least privilege, helps organizations secure privileged access and reduce the risk of data breaches. 

Incident Response Planning: Having a well-defined incident response plan is crucial for organizations to minimize the impact of cyber incidents. Insurers may consider the effectiveness of an organization's incident response capabilities when determining premiums. 

Engagement With Cyber Insurance Providers: Building strong relationships with insurers and regularly discussing industry trends and risk mitigation strategies can help organizations gain insights and negotiate more favorable terms. 

As cyber threats evolve and organizations increasingly rely on cyber insurance for financial risk management, the rising costs of cyberattacks pose challenges for the insurance industry and organizations alike. By demonstrating a commitment to risk reduction and implementing comprehensive cybersecurity strategies, organizations can manage financial risks associated with cyber incidents. Together, organizations and insurers can combat the escalating costs of cyberattacks and ensure the availability of comprehensive cyber insurance coverage now and in the future.

Joseph Carson

Joseph Carson is the chief security scientist and advisory CISO at Delinea.

He has more than 25 years of experience in enterprise security and infrastructure. Carson is an active member of the cybersecurity community and a certified information systems security professional (CISSP). He is also a cybersecurity adviser to several governments, critical infrastructure organizations and financial and transportation industries. He speaks at conferences globally.

