Insurers push tougher security standards as cyber losses mount

Cyber insurers are tightening requirements on clients as they seek to limit exposure to soaring ransomware and data breach claims.

 

A recent analysis by Envista Forensics highlights how underwriters are now conditioning coverage on stronger baseline controls such as multi-factor authentication, regular patching, endpoint detection, and incident response planning.

 

 The firm notes that organizations failing to meet these standards face higher premiums, restricted coverage, or rejection of their applications altogether.

 

The shift reflects mounting losses across the sector. According to Aon’s latest Cyber Risk Report, ransomware incidents have become more systematic and costly, with average claim sizes rising by double digits over the past year.

 

Insurers, once focused primarily on financial compensation after an incident, are now actively shaping corporate security practices to reduce claims frequency.

 

Industry surveys back this trend. ProvenIT reports that underwriters increasingly scrutinize client readiness during the application process, focusing on email security, privileged access management, and the ability to quickly detect intrusions.

 

 In some cases, insurers require evidence of third-party security audits before offering cover.

 

At the global level, the International Association of Insurance Supervisors (IAIS) has noted in its Global Insurance Market Report that cyber underwriting practices are converging on stricter standards worldwide.

 

 Regulators are encouraging insurers to incorporate resilience benchmarks into their products, pushing companies to treat cyber insurance as part of their operational risk management framework.

 

Analysts say the move marks a fundamental change in the cyber insurance market: from a reactive safety net to a proactive enforcement tool. For businesses, the message is clear, insurance can no longer replace internal investment in cybersecurity. Instead, resilience is fast becoming the price of insurability.