Just a decade ago, it seemed like the only requirement from cyber insurance carriers was the need for a policy; the application process was easy, and the questionnaire was simple. But as ransomware attacks grew in popularity and damage, carriers were forced to tighten the reins to keep a balanced book. In 2020, we witnessed the cyber insurance market harden for the first time ever. Since then, carriers have continued to adapt their application requirements in line with threat trends and emerging security capabilities.
To help CISOs and security leaders strengthen their cybersecurity strategy, I’ve put together four predictions for changes to cyber insurance requirements in 2023.
Cyber Insurance Requirements Predictions
Prediction #1: Cloud misconfigurations will lead to more cyber insurance claims
Cloud misconfigurations will continue to grow as a threat vector due to increased adoption rates and poor security policies. In early 2022, Forrester predicted that cloud-native adoption would rise to half of all enterprise organizations following previously observed trends. Furthermore, Gartner predicted that by 2025, 99% of cloud security failures would be the customers’ fault, suggesting that misconfigurations will continue to be a serious issue.
Not only are cloud misconfigurations the third most common attack vector for data breaches, but Microsoft found that over 80% of ransomware attacks can be traced to common configuration errors in cloud services. Considering that ransomware is the leading cause of cyber insurance claims – and continues to grow – it’s