Naked Security

‘Fear factor pushing up cyber-insurance premiums’

'Insurers don't really know how to measure their risk exposure', warns one expert

Awareness of the risks attached to technology is generally held to be a good thing, and indeed Naked Security is among those publications that would promote it. There’s a downside, however: according to CFC Underwriting, the fear of security incidents is driving cyber-insurance premiums up in the UK – and contacts have suggested it will go further than that.

CFC’s point is that the knowledge of incidents like the Yahoo! breach last year and others has pushed demand for cyber-insurance up by around 50%, and when a market demands more of something the price is bound to increase. The same research, launched at the company’s symposium, said that claims were up 78% (a lot of which is probably accounted for by the fact that more businesses are now insured).

The biggest single driver of this boost to the insurance industry is the so-called “fear factor” – people are simply afraid that they will be hit, regardless of the precautions they take.

This is reasonable enough at first glance but there may be some drawbacks. Lev Lesokhin, Exec VP of Strategy and Analytics at CAST Software, which analyses existing software to see how secure it is, backed the company’s findings up only partially. “Yes, cyber is a business opportunity for insurance companies. Where there’s risk, there’s insurance.

“It is an increasing business in the US and EU, not just UK.”

However, there was more – you’re dealing with insurers rather than tech specialists, which brings its own set of trials, he says. “The problem is you have to read the ‘fine print’, because the insurance companies don’t really know how to measure their risk exposure. We are having a conversation with one major insurance provider about their cyber-business, for whom seeing a benchmark like our AppMarq index is a completely new level of insight compared to what the industry currently has.”


Hopefully this will abate sooner than later… what clearly needs to happen is what’s already well-established practice in other areas. High-risks are (reasonably) accurately determined, and the insured can qualify for lower rates after meeting certain criteria.

If you’re a smoker, your home and health insurance rises. If you’re a male driver under 25 (at least in the US), your rates are higher by default. The OBD devices companies mail their customers offer them the chance to reduce their rates by illustrating safe driving practices.

Those who subscribe to regular penetration testing services and prove they can meet or exceed security standards should be able to qualify for cyber insurance rates below the ionosphere.

Frequent occupants of the NS front page *cough*UberYahoo*cough* illustrate the opposite and will pay more. Eventually they learn or pay enough fines/premiums to go bankrupt–whereupon a more secure rival assumes their place. We get better products, the tech companies learn a few things, and the insurance CEOs continue to build swimming pools lined with money.

Everyone wins!


The AppMarq Index link in your article contains a link to an interesting sideline that concludes Cobalt programs are far safer than Java programs.

Seems like the future forecast is one of exponential risk growth (and cost). Just saying…

