Cybersecurity Gaps Could Be Costing Businesses More in Insurance Claims, Says Gallagher Re Study

In a recent study, Gallagher Re, a leading global reinsurance broker, uncovered a crucial link between cybersecurity weaknesses and higher insurance claims.

Published on October 24, 2024

cybersecurity
Data security concept. 3D render

In a recent study, Gallagher Re, a leading global reinsurance broker, uncovered a crucial link between cybersecurity weaknesses and higher insurance claims. Analyzing data from Bitsight’s security performance metrics covering 62,000 organizations across 67 countries, Gallagher Re found that poor cybersecurity practices significantly increase the risk of cyber incidents, which, in turn, leads to a higher frequency of insurance claims.

Key findings from the study emphasize the importance of basic cyber hygiene. Routine practices like patching systems, using SSL certificates, and securing DNS were highlighted as pivotal in reducing incidents. The study also found that external scanning data combined with firmographic information could reduce insurance loss ratios by up to 16.4% by focusing on the most damaging risks.

Another insight pointed out the importance of the size of an organization’s cyber footprint. Organizations managing a large number of IP addresses had a stronger correlation to increased claim frequency, which suggests that insurers may need to consider technographic metrics over traditional ones when underwriting cyber policies. Additionally, the reliance on certain technology products heightened the risk of claims, highlighting the need for addressing single points of failure and third-party dependencies.

According to Ed Pocock, global head of cybersecurity at Gallagher Re, these findings provide actionable insights for both insurers and businesses. By leveraging data on security controls, insurers can more accurately assess risk and potentially improve underwriting outcomes, while enterprises can prioritize their cybersecurity investments to minimize incidents.

For insurers and cybersecurity professionals, the takeaway is clear: Investing in robust cyber risk management strategies isn’t just about preventing attacks—it’s also about keeping insurance costs under control. Strong security measures are increasingly seen as a critical factor in determining insurance terms, premiums, and coverage availability.