Cyber Insurance Needs to Grow Up

Cyber Insurance Needs to Grow Up

10973922862?profile=RESIZE_710x

You can’t insure, what you don’t understand.

The cybersecurity insurance industry is in a tumultuous period, with skyrocketing deductibles, new limitations, hidden assumptions, and suffering from a slew of lawsuits from customers. The market is hot, with many companies now seeking cyber insurance policies, but some insurers are pulling back because of unexpectedly high payouts leading to losses, while others are blindly diving in to get a piece of the action. The insurance industry has a reputation for being stable and predictable over time but has failed to grasp the ambiguity and unpredictable nature of cyber.

I will outline what it will take for insurance companies to succeed, but first, a story:

I remember, well over a decade ago, speaking to the insurance industry about the need and challenges for the emerging cybersecurity insurance market. I had just published my Return on Security Investment (ROSI) paper and annually recurring cybersecurity predictions. With a refreshed understanding of the difficulties in foretelling the risks and likelihoods of cyber-attacks, I warned the insurance community that their normal actuary methods would not work over time and they would need to approach the growing chaotic uncertainty and radical shifts, driven by the intelligent attackers who take advantage of rapid technology innovation and adoption, in entirely different ways.

I was summarily dismissed time and again with comments like “you don’t know insurance”, “we are the experts”, “we do this type of work all the time” and my favorite “we have algorithms that can predict this type of activity”.

WRONG!

Cybersecurity insurance has struggled with inconsistency and a high degree of variability — not the attributes that are conducive to the insurance industry. Only now are they realizing the challenges and their inability to get ahead of the problems. In December, Mario Greco the CEO of Zurich Insurance, one of Europe’s biggest insurance companies, stated that as cyber-attacks grow, they “will become uninsurable”.

Well, that is not exactly the truth. If the industry’s inability to predict losses continues, then yes, insurance companies will not be able to charge correct premiums that cover community losses. But, if they do get a better grasp, then they can run the business to properly insure against catastrophic events while simultaneously making a decent profit.

So, I am happy to see that some insurance companies are realizing they didn’t know, what they didn’t know, and are building specialized centers of excellence to better understand the nuances which make insuring against cybersecurity incidents so difficult. Liberty Mutual Insurance recently announced the opening of a Global Risks Solutions Cyber office. Perhaps a decade late, but this is a necessary step.

10973925253?profile=RESIZE_710x

Now, my advice to you (listen up cyber insurance companies) is to bring in real cybersecurity experts!

No, you don’t have them in-house.

No, you cannot simply slap ‘cyber’ on the title of an actuary person or executive and expect them to understand the important nuances of cyber.

No, those guys in IT and Engineering are not cybersecurity experts either.

You need people who have actually been in the trenches, shown proficiency and thought leadership, and wear the scars earned over the years, with pride.

Here are your simple criteria: Find people that have a strong history of PREDICTING cybersecurity macro trends. That is the key to algorithmic foundations that integrate the right aspects of risk over time. That is what it will take to build a robust, fair, profitable, and competitive cybersecurity industry business that will superbly service customers over time.

The cybersecurity insurance industry must transform itself in order to survive. Success requires it shed legacy preconceptions and evolve its practices to adapt to the shifts that govern risks and losses in the cyber world.

 

Votes: 0
E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (bi-monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO Meetup at BlackHat Las Vegas 2025

  • Description:

    We are excited to welcome you to the CISO Meetup during BlackHat USA 2025 in Las Vegas! Join us for an exclusive networking, meaningful conversations, and community building with top CISOs and cybersecurity leaders from around the globe. 

    Meetup Details:

    Location: Mandalay Bay, Las Vegas …

  • Created by: Biswajit Banerjee
  • Tags: ciso, black hat, black hat 2025, black hat usa

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee