Price hikes 'should force cyber-insurance re-think'

Security vendor Tripwire says firms should react to rocketing premiums by investing more in security

A reported spike in premiums means companies would be better off redirecting funds they have earmarked for cyber-insurance into bolstering their security defences.

That's according to security vendor Tripwire, which was reacting to a report by Reuters this week suggesting cyber-insurance prices have rocketed this year in response to a recent rash of high-profile data breaches.

Citing figures from Marsh, Reuters said that average rates for retailers hiked by 32 per cent in the first half of 2015 after staying flat last year. On top of the rate hikes, insurers have in some cases begun capping coverage at $100m, the report added, leaving many businesses exposed to losses from hacks that can be more than double that.

Ken Westin, senior security analyst at Tripwire, said insurers need to ensure "the house wins" and now have the data to stack the deck in their favour.

"One of the challenges for insurers was identifying the scope of potential financial liabilities when it comes to a data breach," he said. "Much of this has been due to the lack of data to understand the potential financial impact of a breach. However, with the rise in high profile breaches, insurers finally have data they need to assess risk and the results are staggering."

Westin added: "Companies that have been seeking to offset their risk by focusing on investment in insurance will be increasingly better off investing some of those funds into better cyber security initiatives, particularly around controls designed to detect data breaches in progress."

Westin's comments come after VARs at a CRN Roundtable earlier this year blasted cyber-insurance for being an "immature" way of dealing with the growing threat of data breaches and "not worth the paper it's written on".

PwC estimates that annual gross written cyber-insurance premiums will triple from $2.5bn today to $7.5bn by the end of the decade.

In its recently released report, Insurance 2020 & beyond: Reaping the dividends of cyber resilience, PwC found that large firms (with over $1bn revenues) that suffered security incidents in 2014 sustained average financial losses of $5.9bn, up from $3.9bn in 2013.