Cyber Security Insurance – Why Have My Premiums Risen?

Cyber insurance policyholders saw their premiums rise again in 2022, despite premium hikes in 2020 and 2021. In fact, cyber insurance premiums grew by an average of 28% in the first quarter of 2022 compared with the last quarter of 2021. This is unlikely to be the end - we will likely see more price hikes over the coming years.

But critically, with an economic downturn looming, IT budgets are tighter than ever. So, how do business decision-makers mitigate cyber risks and lower their premiums? Why have premiums risen in the first place?

Why Are Cyber Insurance Premiums Increasing?

Several factors contribute to soaring cyber insurance rates, including a turbulent and ever-evolving cyber threat landscape, rapidly expanding attack surfaces, and the rising cost of replacing infected equipment. Let's look more closely at the top reasons premiums keep getting higher.


According to a global survey of 1,100 IT and cybersecurity professionals, 80% of organizations were hit with a ransomware attack in 2021. Alarmingly, 60% of those targeted paid the ransom. Moreover, an equally worrying study from the UK found that 74% of IT decision-makers now consider ransomware a national security threat.

While ransomware is hardly a new threat, it's now become part of the everyday vocabulary of cybersecurity specialists. But why is ransomware becoming the favored attack method for threat actors? A shift in working patterns, with hybrid and remote working becoming more popular, is a significant factor.

With more employees working from home, verifying whether emails are legitimate becomes much more challenging. At the same time, if they are connecting to the network from outside the traditional network perimeter (on-site) and using personal devices, it can be more challenging for anti-malware tools to block nefarious incoming messages.

Increasingly severe reputational and regulatory penalties are also a factor in rising ransomware attacks. In short, public data exposure is much more damaging for companies today than in the past. As a result, many companies determine paying is the quickest and easiest way to put the attack behind them. This makes ransomware an attractive option for cyber criminals.

With ransomware attacks soaring and so many companies paying the ransom, cyber insurance providers are changing their policies and limiting the amount of coverage they provide to reduce the cost of payouts.

Increasing Replacement Costs

Companies with older IT infrastructure are an eye-watering 53% more likely to fall victim to a cyber-attack. When a successful attack happens, they must replace this infrastructure with newer, more secure devices. Since IT equipment replacement costs typically fall on the insurer, insurers have started to raise premiums to cover the costs.

Poor Cybersecurity Hygiene

Businesses are increasingly finding it difficult to get coverage or are being quoted higher premiums if they have inadequate cybersecurity controls in place.

What are the signs of poor cybersecurity hygiene?
  • Inadequate use of multifactor authentication (MFA).
  • Poor quality incident response plan.
  • Weak password requirements.
  • Lack of protection and mitigation against vulnerabilities.
  • Poor penetration testing posture and results, and a lack of remediation.
  • Inadequate employee training on phishing and other cyber-attacks.
  • Inadequate system backups.
  • Lack of mitigation for third-party vendor security risks.

Skyrocketing Response Costs

Cybersecurity incidents are expensive, and the costs associated with responding to them are also rising. As of 2022, the average data breach cost in the United States amounted to $9.44 million, up from $9.05 million in 2021.

Tips for Lowering Your Cybersecurity Insurance Premiums

Cyber insurers are getting more demanding about how they want their clients to protect themselves. The most significant contributor to the cost of insurance coverage is the policyholder's risk profile and the insurer's risk appetite. Increasingly, insurers have lower risk appetites and prefer their clients to have a low-risk profile. So, how do you lower your risk profile and, consequently, your premiums?

Ensure You Meet the Minimum Security Requirements

With payouts skyrocketing over recent years, many insurers are now setting minimum security requirements that businesses must meet before they're able to purchase cyber insurance. These requirements include enabling MFA, having antivirus and malware detection software, a robust firewall, and an endpoint detection and response (EDR) tool.

Implement Zero Trust Architecture

The Zero Trust model uses the mantra "never trust, always verify." Essentially, it does away with implicit trust and requires all users and devices (whether inside or outside the network) to be continuously authorized and authenticated. Additionally, implementing Zero Trust demonstrates a proactive defense mindset that will put you in good standing with cyber insurers.

Implement Cybersecurity Awareness Training for Employees

According to an IBM study, 95% of security breaches occur due to human error. Your employees may be your best asset, but they're also one of the biggest security threats to your company. Luckily, effective cybersecurity awareness training can help mitigate this risk by assisting employees in identifying the signs of phishing emails or other attacks. Again, doing this demonstrates you're taking a proactive approach to security and not relying on the insurer to cover all your bases.

Create an Effective Incident Response Plan

While cyberattacks are preventable, you can never prevent every one of them. No cybersecurity program can guarantee you will never experience a data breach. However, a well-designed cyber incident response plan can dramatically minimize the impact of any successful attack. Since an incident response plan is a single document, it's a simple but convincing piece of evidence you can provide to a cyber insurance provider.

Final Thoughts - How MSPs Can Lower Your Premiums

Working with a managed service provider like Lammtech can help ensure you meet cyber insurance requirements, but it doesn't end there. Managed service providers can recommend additional technology or offer guidance on cybersecurity best practices, both of which can lower the cost of your cyber insurance premiums.
