To insure or not to insure? | Softcat
Skip to main content

Login to eCAT

Customer Support
Contact Sales
Blog

To insure or not to insure?

Is it worth investing in cyber insurance?

Cyber Security

shutterstock 2249403861

Greg Smith

Cyber Security Engineer

Cyber crime is estimated to cost $9.5 trillion globally in 2024.* With cyber insurance companies historically covering an average of only 63% of incident costs, organisations who thought they were fully covered are having to foot the rest of the bill, or look for an alternative solution. 

The question is, why are they ending up in this situation, and how can we make sure we don’t fall foul to similar problems? 

The increasing pace of cyber crime 

In today’s digital and connected age, organisations face an evolving landscape of advanced cyber threats. Cyber attacks are becoming more frequent and are highly sophisticated, requiring strategic planning and investments from the organisation to stay one step ahead of adversaries.   

We have seen many customers asking the same question: is it worth investing in cyber insurance? 

Security technology, robust protocols and processes, alongside well-informed and educated employees, all go a long way to improving organisational resilience and minimising the risk of a successful cyber attack. However, while some organisations invest in these measures to mitigate the risks, others opt for another form of addressing these potential threats—risk transference, which can come in the form of cyber insurance. 

This specialist insurance policy is designed as a catching net for if, or more likely when, an incident does occur. The insurer will compensate for financial losses and align incident response resources to help deal with the incident and its recovery elements. On paper, this is an easy win. However, cyber insurance policies are tricky to navigate and utilise.  

The hidden flaws of cyber insurance policies 

There are many reasons why operationalising cyber insurance can be difficult. Generally, a cyber insurer will not provide coverage or will only do so with a heavy premium, unless there are multiple existing protections in place, such as:   

• Regular risk assessments (preliminary insurance requirement)  

• Regular penetration tests  

• Strong authentication mechanisms  

• Multi-factor authentication (MFA)  

• Privileged access management (PAM)  

• Endpoint detection and response (EDR)  

• Regular backups  

• Incident response plan (IRP)  

• Employee training  

• Vulnerability management (VM)  

With so many requirements to gain cyber insurance, organisations may think they are compliant and protected, but this is often not the case. Just like other insurance policies, such as car and home, coverage is not always guaranteed. This can be due to complex underwriting and policy stipulations, which, unless precisely followed, will not allow the policy to be realised in full—if at all.   

The UK’s National Cyber Security Council (NSCS) has said: “Cyber insurance will not instantly solve all of your cyber security issues, and it will not prevent a cyber breach/attack. Just as homeowners with household insurance are expected to have adequate security measures in place, organisations must continue to put measures in place to protect what they care about.”  

What’s the solution? 

In the event of a cyber incident, not having a properly documented and tested incident response plan (including defined incident response and public relations teams) can greatly increase the potential financial or reputational loss from the breach.   

Being able to rely on a cyber insurance policy is great, but there are a few key scenarios to plan for:  

• Not being insured in the event of a breach  

• The policy not being inclusive of all your assets that hold risk  

• Financial recuperations not covering the total cost of the breach due to policy stipulations  

While completely avoiding a cyber security breach is impossible, multiple technologies and services are designed to massively reduce the risk of or contain an incident before the attacker progresses to the later stages of the attack lifecycle. By responding earlier within this lifecycle, attackers are stopped before their objectives are carried out.  

How can Softcat help? 

If you’re looking into cyber insurance or want to protect yourself by implementing appropriate security controls, Softcat can help you with expert advice and a range of security solutions. Our Managed eXtended Detection and Response (MXDR) uses threat-led operations to rapidly detect and respond to threats, and our Cyber Service Team can help you implement the necessary controls to reduce the likelihood of a breach.  

It’s essential that you consider a more robust security stance when investigating cyber insurance. A managed SIEM (Security Information and Event Management) service is a great place to start when considering either taking out cyber insurance or onboarding the capabilities so you don’t need it.  

Within Softcat’s MXDR service, we proactively quash and suppress threats early in their attack lifecycle to reduce attackers’ abilities within our customers’ networks. This will tick many boxes for cyber insurers, helping reduce cyber insurance premiums and making insurance easier to obtain. This service also includes incident response—another tick in the box! 

This service is fed by multiple, specifically tuned threat intelligence feeds to ensure all angles of externally known information are covered, from zero days via open-source intelligence to customer-specific threat intelligence, detailing exactly what information of theirs is available on the dark web and the likelihood of it being used or exploited by an attacker.  

Taking it one step further 

Combining threat protection, security intelligence and automation, Softcat’s Managed Sentinel Service proactively defends against threats and breaches. Expertly monitored and managed by our Security Operations Centre, it offers: 

• 24/7 x 365 access to log support tickets 

• Deployment of the Sentinel workspace and applicable core components 

• Access to our library of detection rules 

• Validation of security events and alarms, including identification of false positives  

• Continuous tuning and calibration of the Sentinel instance 

• Integrated threat intelligence feeds 

• Security incident response 

• Change management  

• Service delivery management 

So, is it worth investing in cyber insurance?  

In our opinion, no. It’s best to look to expert solutions and services that can support your organisation on its cyber security journey. 

Protecting your reputation and minimising the financial implications of a cyber attack is a top priority. Get in touch with your Account Manager or contact our sales team to find out how we can help you.