Cyber insurance is a common tool for risk transfer today. It’s also a key driver for cybersecurity program investment today. But who has cyber insurance and what benefits do organizations see from it? Analyzing Forrester data on cyber insurance adoption and breach response trends, we find that:

  • Most organizations do not have standalone cyber insurance policies. While our data shows that the majority of enterprise security technology decision-makers have some kind of cyber insurance coverage, only 26% have a standalone policy.
  • Cyber insurance has an impact on service provider selection. Insurance carriers typically maintain a panel of preferred providers in areas like incident response, ransomware negotiation and payments, and more. For enterprises with cyber coverage, 70% shared that their insurance carrier required them to select from their panel of providers they have negotiated rates with.
  • Organizations with cyber insurance experience fewer breaches. Let’s bust the myth that firms with cyber insurance are more likely to get attacked or breached. You still might, but that’s because your organization exists in an interconnected world, not because you have or do not have cyber insurance. As organizations face stricter underwriting requirements for cyber insurance coverage, firms with robust cybersecurity programs will be the ones that insurers deem a better risk to take on.
  • Those with cyber insurance have better outcomes with detection and response. There is a consistent pattern of improved detection and response times across common incident alert and response steps: mean time to detect, mean time to respond, mean time to eradicate, and mean time to recovery. For example, the difference is very pronounced when it comes to mean time to detect, with 48% of enterprise global respondents with standalone cyber insurance policies reporting that they were able to do so in less than seven days, compared to 21% of those without cyber insurance or with cyber coverage as a part of another insurance policy.

This is a preview of some of the findings in The State Of Cyber Insurance, 2023. For more specific insights and analysis, such as diving into differences between organizations with standalone cyber insurance policies versus cyber coverage through an endorsement versus no coverage at all, Forrester clients can check out the full report as well as schedule a guidance session with me to discuss trends in cyber insurance.

[Written with Danielle Chittem, Research Associate]