News, news analysis, and commentary on the latest trends in cybersecurity technology.

Insurers Use Claims Data to Recommend Cybersecurity Technologies

Policy holders using certain technologies — such as managed detection and response (MDR) services, Google Workspace, and email security gateways — gain premium discounts from cyber insurers.

4 Min Read
cyber insurance flow chart
Source: Photon Photo via Shutterstock

Businesses using a managed detection and response (MDR) provider halved their median response time to a cyber incident and saw a commensurate — and dramatic — reduction in the impact of each incident, according to an analysis of insurance claims data by Coalition.

By adding the skilled expertise of cybersecurity professionals to major endpoint detection and response (EDR) platforms, companies had fewer incidents and what incidents they did have were less serious, according to the cyber insurance firm Coalition, which offers its policyholders credits on cyber insurance premiums based on whether they have deployed MDR and which one, says Tiago Henriques, vice president of research for Coalition. 

"What we're seeing from our data is that there's a set of foundational security controls that actually move the needle," Henriques says. "We're going to try to focus our policyholders on spending their money on things that actually matter — no more buying blinky lights just for the sake of buying blinky Spend your money on things that actually improve your security."

Unmanaged EDR platforms, however, do not merit the discount, he says.

The cyber insurance firm's findings are not surprising. Because cybersecurity and incident-response experts deal with security events on a regular basis, MDR services save their clients significant time, reducing the cost of incident response, says Jeff Pollard, vice president and principal analyst at business intelligence firm Forrester Research. 

The average customer tends to save 33 hours per incident identifying actual malicious activity, 16 hours investigating and determining the severity, and 16 hours performing root cause analysis, according to Forrester survey data

"Because these companies do nothing but provide MDR, they are focused on building out better integrations, increasing their accuracy, and creating more automation," Pollard says. "Those are all things the average SOC analyst inside a company barely has time to do because they are spread so thin."

Collecting Data on Business Risks

MDR platforms are not alone in being recommended by cyber insurance providers. Last year, Coalition found that organizations using Google Workspace had only 43% of the financial transaction fraud (FTF) claims rate as companies using Microsoft Office 365, while insurtech firm At-Bay saw that firms using Microsoft 365 had double the claims of Google Workspace

Insecure email systems are a major source of insurance claims, with business email compromise accounting for 26% of Coalition's cyberclaims and email, in general, accounting for 41% of At-Bay's claims, the firms stated.

Coalition plans to continue to crunch its numbers to determine what other technologies might lower claims rates, Coalition's Henriques says. 

"We want to pick the best technologies that have the most positive impacts for our customers because that's our incentive," he says. "We have a financial incentive that our customers don't get hacked, and if they do, that the severity of that event is reduced."

In its Cyber Threat Index 2024 published on Feb. 21, the company also found that more than 10,000 businesses are running instances of Microsoft SQL Server 2000, an end-of-life product that is reachable from the Internet. In addition, Coalition will not insure companies with open ports for the Remote Desktop Protocol (RDP) because of the ease with which it can typically be compromised. Scanning for the open port increased by 59% in 2023, the firm said. 

Insurance Firms as Cybersecurity Reviewers?

Overall, the data-focused approach to insurance pursued by insurtech firms like Coalition could result in collecting the most accurate data on which cybersecurity products are working and which ones are not. The savings on policies could set cyber insurance firms on the path to recommend specific solutions to businesses based on which lead to fewer — and smaller — claims.

To some degree, that discussion is already occurring, says Coalition's Henriques.

"Our clients come to us at the end of the day, and they're like, 'I've got X amount of budget to spend in InfoSec next year. Which technology should I pick for backup, ... who should do EDR for me, who should do MDR?" he says. "And if you work with a modern insurtech that uses data that is familiarized with cybersecurity services, yes, you should contact your cyber insurance provider and ask for this advice."

Yet, the most secure technologies may not be worth the policy savings, says Forrester's Pollard. While everything will eventually become a service, the skills to operate and maintain technology are not widely distributed, so whether they make sense for a specific business will depend on the economics, he says.

In the end, businesses may have to accept higher premiums for their particular IT environment, or they may not be able to get insurance at all

"I don’t think cyber insurers will lead to better products, but we’ve predicted that cyber insurers will become less willing to insure unreliable or problematic cybersecurity products that have numerous issues or vulnerabilities," Pollard says.

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights