Underwriters Expectations on Cyber Risk Management and Cyber Resilience

In the modern, interconnected business landscape, cyber resilience is crucial. Senior leaders are increasingly concerned about cyber risks, and the decision to acquire cyber insurance is not always straightforward. The rise in ransomware attacks has led to higher premiums and stricter coverage conditions. While compliance with cybersecurity frameworks is essential, it alone does not guarantee immunity from cyber threats.

The Importance of Cyber Resilience

Cyber resilience is vital for businesses to protect their systems, data, and supply chains from cyber-attacks. It goes beyond mere compliance with external industry frameworks, focusing on managing and mitigating specific cyber risks pertinent to an organisation. A robust cyber resilience strategy is crucial for ensuring uninterrupted business operations and safeguarding sensitive information.

The Limitations of a Compliance-Driven Approach

While adhering to compliance frameworks assures partners and colleagues that critical controls are in place, it does not equate to managing cyber risk effectively. Relying solely on compliance can lead to a false sense of security, as it does not ensure complete protection from cyber threats.

Insurers’ Expectations

Insurers have adapted to the evolving cyber threat landscape by establishing minimum control baselines. They expect evidence of core controls such as Multi-Factor Authentication (MFA), privileged access management, and robust backup solutions, among others. These controls, when implemented effectively, enhance resilience and are recognised by cyber underwriters.

The Role of Risk Assessments

Risk assessments are pivotal in developing cyber resilience and facilitating the cyber insurance purchasing journey. They enable businesses to identify and prioritise cybersecurity risks specific to their organisation. A comprehensive risk assessment considers the threat landscape and its potential impact on operations, finance, data, and systems, allowing for more informed discussions between various stakeholders, including cyber underwriters, brokers, and IT security personnel.

Proactive Risk Management

Businesses that proactively manage their cyber risks and engage in meaningful discussions with insurers about their cyber risk journey can negotiate more effectively, leading to more tailored cyber policies. Developing cyber resilience before purchasing cyber insurance can positively impact premium and retention levels, available capacity, and overall resilience to the challenging cyber landscape.

Building cyber resilience is not just about compliance; it’s about actively managing and mitigating cyber risks. A risk-based approach, coupled with comprehensive risk assessments, is key to developing resilience and navigating the cyber insurance landscape effectively. By being proactive and informed, businesses can secure fit-for-purpose cyber policies and enhance their overall resilience against the ever-evolving cyber threats.

Businesses should consider conducting comprehensive risk assessments and implementing robust controls to build cyber resilience. Engage in informed discussions with insurers to secure a cyber policy that is most suited to your organisation’s needs and ensure the safety and continuity of your business in the digital age.