Poor practices increase the risk of incidents, while strict controls improve loss rates
By Kenneth Araullo
A recent Gallagher Re study evaluated cybersecurity performance data from Bitsight covering 62,000 organizations in 67 countries, along with Gallagher Re’s own data on cybersecurity incidents and claims.
The results showed that poor performance in key cybersecurity areas increases the likelihood of a cyber incident and a subsequent insurance claim, while better performance correlates with lower risk.
The study highlighted several key predictors of cybersecurity risk. One of the key findings was that external scan data can play a critical role in improving insurance loss rates. By combining this targeted data with company information, insurers could reduce their loss ratios by up to 16.4% by focusing on the most damaging 20% of risks.
Another key observation was that the size of an organization’s “cyber footprint,” measured by the number of IP addresses it manages, is a strong indicator of claims. This suggests that insurers could benefit from considering technical data rather than relying solely on traditional metrics such as headcount, industry or revenue when writing cyber policies.
The study also found that using certain technology products increases the likelihood of a claim, highlighting the importance of addressing single points of failure and third-party dependencies within a company’s technology stack. These findings are expected to influence future risk modeling approaches for the insurance industry.
Additionally, the research showed that maintaining good cyber hygiene remains crucial. Basic cybersecurity practices such as patching speed, proper use of HTTP headers, SSL certificates, DNS security, and effective endpoint management have been found to directly correlate with a reduction in cyber incidents.
Ed Pocock, global head of cybersecurity at Gallagher Re, said the study provides clear, actionable insights into the effectiveness of security controls for both insurers and businesses.
“By leveraging Bitsight’s data, we have not only established a direct link between weak cybersecurity controls and higher insurance claims, but also highlighted additional strategies for insurers to more effectively assess a company’s cyber risk and potentially improve loss ratios,” said Pocock.
For enterprise cybersecurity leaders, these insights can help prioritize investments in their programs, reduce the likelihood of an incident, and make more informed risk management decisions.
Derek Vadala, chief risk officer at Bitsight, added that Bitsight’s analytics have long been shown to be highly correlated with security incidents.
“Gallagher Re’s analysis shows there’s more to the story – that meaningful new insights, such as business email compromise (BEC) risk assessment, can be gained by analyzing different parts of our vast trove of data. We are excited. We are confident in these findings and will continue to explore the incredible opportunities that lie ahead,” said Vadala.