Cyber Benchmarking: Traditional Benchmarking Doesn’t Work In 2022

Cyber Benchmarking: Traditional Benchmarking Doesn’t Work In 2022

Cyber Controls Dictate Price & Limits Available

We surveyed 7 of the most active cyber insurance carriers and asked for their top three cyber security items they look for when underwriting a risk. This chart shows the answers we received more than once.

If you do not appropriately address these minimum-security controls, your price could be 2-3x what a peer would pay who has good controls. And more likely than just paying a premium, you won’t be able to secure the limits you need if you don’t have solid controls.

MFA (Multi-factor Authentication) – layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login

EDR (Endpoint Detection & Response) – integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data

Encrypted Backups – an extra security measure that is used by entities to protect their data in the event that it is stolen, misplaced, or compromised in some way

Open RDP (Remote Desktop Protocol) – enables network administrators to remotely diagnose problems that individual users encounter and gives users remote access to their physical work desktop computers

Email Screening – the screening of emails for threats prior to them reaching their destination

Rates Are Rapidly Increasing

Rate increases accelerated last year from35% in Q1 to 130% in Q4. Any price benchmarking data that is more than a couple weeks old is going to be irrelevant.

  • It’s not about how much coverage your peers purchase or how much you need, it’s about how much you can secure and can afford
  • Price is impacted by your individual cyber security controls more than it is by your industry, revenues, or record count
  • It is more important to benchmark your cyber security controls against your peers than it is your insurance cost or limits

What We Are Seeing in The Market

  • Carriers have reduced their capacity and are no longer willing to provide more than $5M limits on a single risk
  • Underwriters are seeing an increase in submissions of 700%+and many quotes come down to the last minute
  • If you have poor controls, you likely won’t be able to secure additional limits no matter what you’re willing to pay for them
  • Many insurers are limiting their exposure to ransomware, cyber business interruption, and other first party exposures

Talk to us about your cyber risk mitigation strategy.


This material has been prepared for informational purposes only and was generated from information provided to BKS from the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal or accounting advice. You should consult your tax, legal and accounting advisors for those services.

No Comments yet!

Table of Contents

renewable energy
Renewable Energy Practice Group
serious employees
Employer’s Balancing Act: Part 2
Solutions and Strategies to Help Equalize Cost While Offering In-Demand Benefits   In Part One of...
Cyber Center of Excellence web
[Video] Cyber Center of Excellence
The cyber security landscape remains dynamic and volatile. However, good news is on the horizon, and...
Get in contact with an advisor today to see how BKS can support you.