Cybersecurity insurance

Forrester’s 2023 State of Cyber Insurance

Enterprises with standalone cyber insurance policies are most likely to have robust cybersecurity programs, invest resources in a zero-trust security strategy, experience fewer breaches, and respond quickly across common incident alert/response steps, according to Forrester's State of Cyber Insurance report, which was released this week.

The report found that cyber insurance is a common way organizations mitigate their cybersecurity risk today, and it's also a key driver for cybersecurity program investment, Forrester said. Forrester's data on cyber insurance adoption and breach response trends also found that most organizations do not have standalone cyber insurance policies. While Forrester data showed that most enterprises had some kind of cyber insurance coverage, only 26% had a standalone policy.

Cyber insurance also influences service provider selection, according to the report. Insurance carriers typically maintain a panel of preferred providers in areas like incident response, ransomware negotiation and payments, and more. Of the enterprises with cyber insurance coverage, 70% said their insurance carrier required them to select from its panel of providers, with which it has negotiated rates, according to the Forrester report.

Despite what you may have heard, firms with cyber insurance aren't more likely to be attacked or breached; that's a myth. In fact, Forrester data found that organizations with cyber insurance experience fewer breaches. As organizations face stricter underwriting requirements for cyber insurance coverage, firms with robust cybersecurity programs will be the ones that insurers deem a better risk to take on, Forrester said.

Finally, the report found that those with cyber insurance have better outcomes with detection and response. There is a consistent pattern of improved detection and response times across common incident alert and response steps: mean time to detect, mean time to respond, mean time to eradicate, and mean time to recovery, according to the report. For example, the difference is very pronounced when it comes to mean time to detect, with 48% of global enterprise respondents with standalone cyber insurance policies reporting that they were able to detect an incident in less than seven days, compared to 21% of those without cyber insurance or with cyber coverage as a part of another insurance policy.

You can download the full report (behind a paywall) here.