Connect with us

Hi, what are you looking for?


Cyber Insurance

Calls for Security Vendors to Guarantee Products

Insurance is an increasingly important option for cyber defense — but a new survey shows a remarkable difference in attitude between different geographical areas. Against an overall average of 72%, only 49% of UK companies have a cyber insurance policy in place; despite London’s dominant position in world insurance and reinsurance.

Insurance is an increasingly important option for cyber defense — but a new survey shows a remarkable difference in attitude between different geographical areas. Against an overall average of 72%, only 49% of UK companies have a cyber insurance policy in place; despite London’s dominant position in world insurance and reinsurance.

In a recent survey by Vanson Bourne for SentinelOne, details published Tuesday show the US as the most insurance-conscious area, with 83% of organizations already cyber insured. 

A total of 500 organizations were questioned: 200 in the US, and 100 in each of the UK, Germany and France. The UK is also the least likely to implement cyber insurance in the future. While 7% of French organizations, 3% of US organizations and only 2% of German organizations have no plans to implement cyber insurance, fully 20% of UK companies take the same attitude.

SentinelOne believes that cyber insurance is important now and will be even more important in the future. Chief security consultant Tony Rowan told SecurityWeek that increasing regulatory pressure and fines would force business to look closely at cyber insurance. The survey shows this is already beginning, where the impending EU GDPR regulations and the threat of fines of up to €20 million or 4 per cent of turnover is causing another 52% of those that don’t currently have insurance to investigate the possibility.

SentinelOne offers a variation on the insurance theme: it guarantees against customers’ loss through ransomware, and uses the insurance market to underwrite the guarantee.

“We’re proud to have been the first,” said Rowan, “and still only, next generation endpoint protection company to launch a cyber security guarantee with our $1,000 per endpoint, or $1 million per company pay out in the event they experience a ransomware attack after installing our product.”

A few other companies are now offering their own guarantees, such as Cymmetria, Trusona and WhiteHat Security — but Rowan told SecurityWeek that he would like to see all security vendors guaranteeing their own performance. “It is anomalous that if I buy a washing machine and it doesn’t do what it is supposed to do, I can take it back. But if I buy software that doesn’t do what it is supposed to do, then the best I can hope for is a patch; which doesn’t seem fair, does it?”

Advertisement. Scroll to continue reading.

He fears however, that not all security vendors could provide a guarantee. “I suspect the difficulty for some vendors would be getting the insurance companies to underwrite them;” although this is really an admission that some security products are just not good enough.

Two processes could force vendors to offer guarantees. The first would be legislative insistence. Governments generally shy away from such steps citing jurisdictional problems and the fear of stifling innovation. But Rowan counters, “Many other industries manage pretty well, even those where stringent regulations are already in place. So it shouldn’t stop innovation completely.”

The second process would be customer pressure. As more and more vendors begin to offer guarantees, there will be pressure for all vendors to follow suit, or simply be ignored by customers.

However, until such time as vendors do guarantee their products, cyber insurance remains an attractive if not the only option. In such cases it is important that organizations read the small print to understand exactly where they are covered and where they are not covered — and again the survey shows strong geographical differences. For example, asked about costs met by insurers for a ransomware attack, 86% had compliance and regulatory requirements covered in the UK, and 88% in Germany. This compared to 72% in the US and only 46% in France.

Legal costs were different, although Germany again scored highly with 63%. The US returned 59% and France 46%; but only 14% of insurers covered legal costs caused by a ransomware attack in the UK.

The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report from Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022. By comparison, a report (PDF) from PwC estimates that annual gross written premiums are set to increase from around $2.5 billion in 2015 to $7.5 billion by 2020.

Related: The Hidden Strategic Advantage in Cyber Insurance

Related: Cyber Insurance: Security Tool or Hype? 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.