Cyber insurance is the world's fastest-growing insurance market, yet a recent surge in ransomware attacks and business email intrusions has resulted in large losses for cyber insurers and increased premiums. The UK insurance business is under growing scrutiny from regulators, so understanding how to manage cyber risk inside its own supply chains has become critical.
This industry is crucial to risk management and to safeguarding individuals and organisations from potential losses. However, as the insurance supply chain becomes more reliant on digital technology and interconnected systems, it becomes more vulnerable to cyber threats. Every business in the supply chain, from insurance carriers to intermediaries and third-party service providers, is a potential target for cyberattacks.
SecurityScorecard, a cyber ratings service, has published findings on the top 50 insurers by gross written premium that give additional insight into the UK cybersecurity insurance market. Based on data from the SecurityScorecard platform, the research found that 50% of the top 50 UK insurers by gross written premium are vulnerable to third-party companies that have experienced a domain breach since January 26, 2023.
According to the research, 26% of the top 50 UK insurers have such low cyber ratings that they would have difficulty receiving cyber insurance for themselves.
Of the top 50 insurers in the UK, 40% are rated A, 34% are rated B, 24% are rated C, and 2% are rated D. In other words, 74% are rated B or higher for risk and 26% are rated C or lower. In addition, 28% have an active infection as a result of their public footprint.
Before new regulations catch up with them, insurers should definitely do more to protect their online presence and the third-party suppliers they work with.
How supply chain cybersecurity may benefit from security ratings
Long before the regulations are set to take effect, cybersecurity ratings can assist in identifying these problems and resolving them. Ratings allow organisations to assess their cyber hygiene objectively and determine whether their security posture is advancing or degrading over time.
An insurer's supply chain is made up of third parties that enable it to operate more profitably and effectively and to innovate quickly. These include vendors, service providers, cloud hosting companies, and any other suppliers that support an organisation. They make it easier to conduct business. Unfortunately, they also put businesses at risk.
To mitigate the threat, organisations must establish vendor portfolios and be able to detect common security vulnerabilities, rank suppliers and partners based on risk, and cooperate with those partners to address known vulnerabilities. Detecting and continuously monitoring vendors allows organisations to assess risk in real time and stay ahead of threats, making supply chains more resilient.