Cyber insurance underwriting is a necessary evil in the digital era. Companies and government agencies alike need to protect themselves against significant financial losses in the event of a cyberattack. Insurance companies provide coverage through policies that can be quite expensive. To the insured, keeping premiums as low as possible is all about taking the necessary precautions.
Common sense dictates that security practices impact premiums. Cyber insurance is no different than any other form of insurance in this regard. Proper practices reduce risk. When risk goes down, premiums are more easily controlled. It is the way insurance has always worked.
Insured organizations should also know that underwriters utilize a variety of tools to help them assess risk. DarkOwl, a leading darknet data firm with cutting edge cybersecurity solutions, “enables cyber insurance carriers, reinsurers, and technology platforms to leverage the deepest source of darknet data to better identify, benchmark, and measure” their risks. In other words, insurance carriers and underwriters are paying attention to what their clients are doing.
Ransomware and Email Scams
Research conducted last summer reveals that more than 80% of all cyber insurance claims are related to one of two issues: ransomware and email scams. It’s a hard number to swallow for people who just assume that modern hacking is a complex and technologically advanced enterprise.
No doubt hackers have become more sophisticated in the way they do things. But at the end of the day, they go after the softest targets. Hackers know that ransomware attacks are easy to pull off if they can just manage to steal credentials. And credentials are easily stolen through email scams.
What does this mean to cyber insurance underwriting? It means that organizations that do not take every possible step to secure credentials and email present a higher risk. Those organizations will pay higher cyber insurance premiums – if they can find insurance carriers to cover them at all.
Two Easy Solutions
The interesting thing about all of this is that there are two easy solutions that address most problems related to ransomware and email scams. Here they are:
1. Multi-Factor Authentication
Multi-factor authentication (MFA) is one of the most effective tools in the fight against network breaches. Even when credentials are stolen, MFA makes it extremely difficult for hackers to gain unauthorized access in a straightforward way. They need to work a lot harder to get in.
2. Secure Email Systems
A secure email system with robust security tools is an excellent weapon against email scams. For example, Google Workspace is a highly respected platform and one that cyber insurers trust. The more secure an email service is, the less likely hackers are to leverage it for stealing credentials and other sensitive information. This explains why that same research reveals that customers who use Google Workspace pay lower cyber insurance premiums.
The Problem of Self-Managed VPNs
On the other end of the spectrum are self-managed virtual private networks (VPNs). Companies utilizing them are apparently more than three times more likely to file cybersecurity claims. Ransomware is the big culprit.
Self-managed VPNs appear to be less secure than they should be. That could be due to the mistaken assumption that a VPN is already the most secure type of network out there. It is not. Hackers know their way around most VPNs. It is only a matter of time before they breach a targeted network.
Cyber insurance carriers and reinsurers are wary of self-managed VPNs. Any clients utilizing them undoubtedly pay higher premiums. One suggestion for mitigating higher insurance costs is to employ managed detection and response (MDR) alongside a VPN.
Backups Shouldn’t Even Be a Question
Multi-factor authentication and secure email represent two fairly easy ways to prevent ransomware attacks and stolen credentials via email. And when email is secure, the likelihood of phishing attacks also goes down. But given that ransomware is so popular, there is yet another tool cyber insurance underwriting looks for: the simple backup.
According to last summer’s research, companies employing robust backup techniques are more than two times less likely to have to pay a ransom. It makes sense. There is no need to pay a ransom when your entire system can be restored with a backup. The fact is that backups should not even be a question.
The 3-2-1 Principle
The cyber insurance industry recommends handling backups based on the 3-2-1 principle. Here’s how it works:
- Organizations create 3 separate backups.
- Backups are saved to a minimum of 2 different media types.
- At least 1 backup is stored off-site.
According to a report from a well-known cyber insurance company, policyholders implementing the 3-2-1 principle experienced 72% lower ransomware-related financial losses than businesses that did not maintain robust backups.
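One way to check a backup inventory against the three conditions listed above. This is an added example, not code from the article or from any insurer. The record fields, the sample inventory and the choice to count two records at the same location as one backup are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str    # what is being protected
    location: str   # where this copy lives (hypothetical names below)
    media: str      # e.g. "disk", "tape", "object-storage"
    offsite: bool   # True if stored away from the primary site

def audit_321(copies):
    """Return {dataset: [unmet conditions]}; an empty list means all three are met."""
    by_dataset = defaultdict(list)
    for copy in copies:
        by_dataset[copy.dataset].append(copy)

    report = {}
    for dataset, items in by_dataset.items():
        # Assumption: records sharing a location are the same backup, not separate ones.
        locations = {c.location for c in items}
        media_types = {c.media for c in items}
        unmet = []
        if len(locations) < 3:
            unmet.append("fewer than 3 separate backups")
        if len(media_types) < 2:
            unmet.append("fewer than 2 media types")
        if not any(c.offsite for c in items):
            unmet.append("no off-site copy")
        report[dataset] = unmet
    return report

# Constructed sample inventory, not real data.
SAMPLE = [
    BackupCopy("finance-db", "nas-01", "disk", False),
    BackupCopy("finance-db", "tape-vault", "tape", False),
    BackupCopy("finance-db", "cloud-bucket", "object-storage", True),
    BackupCopy("file-share", "nas-01", "disk", False),
    BackupCopy("file-share", "nas-01", "disk", False),   # duplicate record, same location
    BackupCopy("file-share", "nas-02", "disk", False),
    BackupCopy("mail-archive", "nas-01", "disk", False),
    BackupCopy("mail-archive", "nas-02", "disk", False),
    BackupCopy("mail-archive", "tape-vault", "tape", False),
]

if __name__ == "__main__":
    for dataset, unmet in audit_321(SAMPLE).items():
        print(dataset, "OK" if not unmet else "; ".join(unmet))
```

The file-share case shows why a raw count of backup jobs is misleading: three records exist, but they cover only two locations on one media type, all on-site.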
A Crime That Commands Millions
It’s no wonder that cyber insurance carriers focus so much attention on ransomware. It is a fairly easy crime to commit and one that can net millions of dollars per incident. In fact, one of the most infamous ransomware attacks committed in 2024 cost Change Healthcare some $22 million.
That is a huge payday for an individual hacker or a group that probably spent minimal time stealing credentials and breaking into a network. Once in, it probably took some work to lock down the network, but the payday was worth it.
Insurance companies looking at payouts worth millions are facing their own sizable risks. Likewise for the reinsurers that keep them solvent. Up and down the insurance supply chain, risk influences premiums. That’s just the way it is.
Cyber Insurance Underwriting in 2025
Numbers from 2024 indicate a record-breaking year for hackers specializing in ransomware. Conversely, it was a bad year for cyber insurance underwriting. What will change in 2025? Obviously, premiums will go up commensurate with increased risk. But expect insurance carriers, reinsurers, and technology platforms to double down on their efforts to detect threats before they materialize. The only way they can mitigate their losses is to stay one step ahead of the attackers.