Cyber insurance is the IT standard
Insurers have understood the potential IT security risk and have aligned and diversified their insurance policies accordingly. Although it is a growth market, it is becoming increasingly difficult for policyholders to take out insurance at attractive conditions if adequate security precautions are lacking or cannot be proven.
Arctic Wolf, a provider of security operations, has published the results of its annual State of Cybersecurity 2024 Trends Report. The report is based on a global survey of more than 1,000 senior IT and cybersecurity decision-makers.
The latest study by Arctic Wolf shows that more than half of companies in Germany, Austria and Switzerland now have an active cyber insurance policy. A further 39 percent stated that they are either currently taking out a policy or will be looking to do so within the next twelve months. Only five percent are hesitant or are in a situation where they do not qualify for insurance cover. Nevertheless, the DACH region is currently still a growth market.
"100% cyber protection is not realistically possible at a time when attackers are working with the help of AI and a high degree of professionalization and are targeting ever larger attack surfaces," explains Sebastian Schmerl, Regional Vice President Security Services EMEA at Arctic Wolf. "That's why cyber insurance is an important tool for covering the 'last mile' of cyber protection, i.e. minimizing potential financial losses. But of course, insurance is no substitute for comprehensive security measures, it is the last resort."
Due to the tense threat situation and growing losses, insurance companies are now carrying out a detailed risk assessment and reviewing the protective measures used before granting insurance and setting the premium amount.
Security measures in demand. Firewalls are the top priority for companies.
"Providing evidence of security measures can be a challenge if there is no overview of the measures in place or specific emergency plans," says Sebastian Schmerl. "All security-relevant data comes together in Security Operations Centers - SOCs - which facilitates the exchange of information with insurance companies. As medium-sized companies in particular do not usually have their own SOC, companies and insurance companies can work together with security partners that offer security operations as a service.
These not only monitor the attack surface and improve the security situation, but also provide all the information required for risk assessment and thus the basis for setting the insurance premium."
Ransom is often paid
Cyber criminals are putting their victims under a lot of pressure and demanding ever higher ransoms. An analysis by Arctic Wolf revealed that initial ransom demands rose by 20 percent last year to an average of 600,000 US dollars. Contrary to the recommendation of law enforcement authorities, a ransom was paid in 82% of cases worldwide last year (77% in DACH), and in 30% of cases the cyber insurance covered at least part of it. In nine out of ten cases in the DACH region, a ransomware negotiator was also called in, who was able to successfully reduce the amount in around 60% of cases.
There is a huge time lag in dealing with security incidents, which varies greatly from attack to attack. Ransomware cases, for example, take significantly longer than business email compromise cases. According to Arctic Wolf, it takes on average around
70 days until the incident response activities for a ransomware incident are completed and full business continuity is restored.
If an attack has been detected, companies can approach incident response providers themselves. The German Federal Office for Information Security (BSI), for example, provides a list of qualified APT response service providers on its website who can help defend against ongoing or past attacks. Alternatively, cyber insurance providers can also work with security providers such as Arctic Wolf.
