“Every” UK organisation should now have cyber insurance.
At least that’s the contention of the Association of British Insurers (ABI), which last week claimed the amount paid out to UK businesses in cyber claims more than tripled in 2024 to £197m.
Malware and ransomware alone accounted for 51% of all claims made during the year, according to the ABI’s data (which was extrapolated from figures drawn from participating members).
But do the MSSPs tasked with helping UK businesses improve their cyber posture day in day out agree?
And what is the rightful role of MSSPs in cyber insurance as it becomes more pervasive?
IT Channel Oxygen collared leaders from six MSSPs to get their views.
All agreed with the ABI, but they had some important provisos.
What did they say? Read on…
“Cyber insurance companies aren’t serving the market in a good way”
Guy Golan, CEO, Performanta
The ABI says every company should have cyber insurance, but then they would say that. Do you agree?
I do believe every company needs cyber insurance.
I don’t believe in the current constellation that the cyber insurance companies are serving the market in a good way.
Cyber insurance companies aren’t making money, and they should be making money – or else why would they get into this business.
If they start to become more granular, truly assess the client’s posture and have stricter policies on how to run a resilient company, it will create a good equilibrium. This will eventually result in fewer attacks on those companies, which is in the best interest of the company and of the cyber insurance company – so it’s a win-win.
What role do MSSPs like Performanta play in cyber insurance?
We play a role in two sides of it. One is to team up with cyber insurance companies to do an assessment or to react to an attack as part of incident response
We also work hand in glove with them in the sense that our job is to do exactly that proactive work to reduce potential attacks and potential breaches. This will eventually result in companies not [claiming for] cyber insurance but also [not sustaining] operational losses and reputational damage.
My view in short is that cyber insurance is needed. But it needs to be reshaped. MSSPs have a role to work with cyber insurance but also with companies themselves under one goal – to increase resilience and lowering the attack surface, ensuring there are fewer and fewer incidents and breaches happening.
Article continues on following page…
