Insurance brokers and cybersecurity companies that collaborate to offer cyber insurance have unique insights into the threat landscape and the general status of cybersecurity. We observe which user behaviors lead to the greatest risks, how threat actors’ behaviors cause actual damage, and which vulnerabilities are most relevant. But how does this work in practice? What is the benefit for an insurance broker? And what does it ultimately provide for the policyholder?
Currently, 2024 is shaping up to be worse than 2023 in terms of both the frequency and severity of digital crimes. At Safestate, we measure this both through the cyber threats we observe among Scandinavian policyholders and through claims from our insurance partners.
Phishing attacks remain one of the most common ways to breach a company. Equally concerning are the massive amounts of leaked credentials that we scan for every day, alerting policyholders about potential threats. Every month, we alert on several thousand leaked credentials—credentials that serve as a direct key in the hands of a malicious actor. These insights highlight the importance of awareness as a central part of organizations’ cybersecurity strategies.
“Cyber threats are a complex societal issue,” says Daniel Fyhr, CEO of Safestate. “The government definitely has a crucial role, especially when addressing small businesses that lack the resources or capabilities of larger companies. However, we private actors have an incredibly important role to play, particularly in collaborating with entities that are close to small businesses.”
We are facing more cyber threats than ever before. Notifications about new cyberattacks and threats come in an endless stream. New technology is making these attacks increasingly complex and difficult to detect and manage. How did we get here? Could we have done something differently in the past? As we see it, there are three main pillars:
1. Widespread digital vulnerabilities in both old and new infrastructure. These can be seen as windows or doors left ajar, which cybercriminals can simply walk through. This infrastructure, and thus its vulnerabilities, is embedded throughout society, from agriculture and industries to public transport and energy systems. And every day, we are building more.
2. Most critical service infrastructure is installed, owned, and operated by private entities. Each of these actors makes its own decisions about cybersecurity investments, although sometimes they are guided by regulations and directives.
3. Cybercriminals exploit these digital doors to achieve their own goals. The vulnerabilities we’re talking about are accessible and highly profitable—why wouldn’t they spend a large portion of their time targeting every small door and window, especially at smaller, less-prepared businesses?
So, what should we do differently? First and foremost, society will not become less complex. We must accept that globalization and digitalization are facts, constantly evolving. Political solutions must address the root problem in each of these three pillars, but private actors will continue to play a vital role.
In Scandinavia, the insurance industry is well regarded, and small business owners often rely heavily on their insurance, whether it’s for water damage, fire, or burglary—both in digital and physical spaces. We are currently seeing a shift in understanding where cyber insurance is becoming as important as insurance against home intrusions.
Insurance brokers who seize the opportunity to be a safe cyber haven for their customers get two parallel advantages. They better understand their customers’ risk profiles, enabling more efficient premium setting, while also helping customers minimize their risk.
How Does Safestate Complement Insurance Brokers’ Cyber Insurance Offerings?
Safestate was the first in Sweden to collaborate with the insurance industry to offer proactive cyber insurance—a policy that not only compensates a customer when damage occurs but actively works every day, all year round, to minimize the risk of an incident happening in the first place.
To explain Safestate, it’s necessary to also describe the development of the cyber insurance market, which we, in many ways, are driving forward in Scandinavia.
Cyber insurance has needed to evolve significantly (in many cases, from nothing to something) to keep pace with the growth of cybercrime. It’s still common to offer insurance that only compensates after the damage is done, perhaps with some advisory services. However, more and more companies are choosing to engage with their customers’ security before an incident occurs. In other areas, such as fire and home burglary insurance, this is already being done. The same development is happening in the cyber insurance world.
At Safestate, we use various tools and technologies to help policyholders minimize their risk while also providing insurance brokers with a much clearer picture of their customers’ risk profiles. We can assess an organization’s risk profile both when they seek coverage and throughout the time they are insured. Every day, we monitor risks and threats for policyholders, helping them reduce their vulnerabilities.
An example of Safestate’s model in practice is the monitoring of leaked credentials. Every month, we alert thousands of individual customers—so far, over 50% of our customers have been part of a breach. In 2023, it was roughly estimated that one credential leaked per second, and during the same period, leaked credentials were used in about 50% of all intrusions worldwide. Every time we alert a customer about their leaked credentials and urge action, we reduce the likelihood that this customer will become part of the intrusion statistics.
The same picture can be painted regarding another one of our tools, vulnerability scanning. Every month, we scan policyholders’ environments for the open doors and windows that a vulnerability represents and alert the customer. When customers act on our alerts and fix their vulnerabilities, this significantly reduces the risk that a malicious actor will exploit the vulnerability.
“Cyber insurance has had to evolve dramatically to keep pace with the reality of cybercrime,” comments Daniel Fyhr. “Today, the most advanced insurers combine proactive cybersecurity technology with traditional insurance brokerage.”
In practice, this means that together with our insurance partners, we are part of the solution for small businesses that want to avoid disruptions to their operations or brands tarnished by cyber incidents. Today’s cyber insurance is just as much about strengthening resilience to prevent disruptions as it is about helping businesses recover both financially and technically.