Forrester unveils guide to combat 78% breach rate amongst firms

Recently, the cyber insurance market has seen rising premiums.

About 78% of organisations experienced breaches in the past year, Forrester's Security Survey (2023) reported. During a breach, insurance carriers are involved but not controlling. 

A maturing cyber insurance market brings changes that impact security programmes. 

Forrester’s ‘The CISO’s Guide to Cyber Insurance’ report identifies common misconceptions about cyber insurance, outlines insurers' security requirements, and highlights trends in applications and renewals. 

It also discusses how these changes affect choices in security technology and services, especially after a security incident. Security leaders can use this report to optimise their cyber insurance strategies.

Recently, the cyber insurance market has seen rising premiums, reduced coverage, and stricter requirements, the report noted. 

These changes have prompted insurers to reassess risk and coverage, emphasising key practices that mitigate enterprise risks. Increased insurer demands affect your security program, coverage, and use of cyber insurance.

ALSO READ: AI deepfakes emerge as new threat in insurance fraud, warns Kennedys report

Fitch Ratings estimates that standalone cyber insurance comprises 70% of industry premiums, reflecting higher costs rather than adoption. 

Forrester's survey further revealed that 83% of enterprises have some form of cyber insurance, but only 26% have standalone policies, indicating potential growth for dedicated policies.

Standalone cyber insurance offers comprehensive coverage, unlike endorsements within other policies which are narrower and may not meet organisational needs. Coverage details are crucial.

Misconceptions about cyber insurance can hinder investment decisions. Robust cybersecurity programmes often align with standalone cyber insurance policies, leading to fewer breaches and quicker incident responses compared to those with endorsements or no coverage.

Self-insurance is viable for organisations with substantial reserves but requires a thorough understanding of potential costs and risks.