A joint report from the Insurance Information Institute and Fenix24 found that insurers, despite setting cybersecurity standards for policyholders, still have vulnerabilities in their own defenses.
Insurance carriers occupy an unusual position in the cybersecurity ecosystem. They evaluate cyber risk, set security requirements as conditions of coverage, and respond when incidents strike — yet they remain high-value targets for threat actors due to the sensitive data they hold and their systemic economic importance.
A new report from the Insurance Information Institute and breach recovery firm Fenix24 found that while insurers generally follow strong security practices, notable gaps persist in areas such as credential management, backup definitions, and patch deployment cycles.
The cyber insurance market reached $15.3 billion in gross written premiums in 2024 and was projected to hit $16.3 billion in 2025, according to Munich Re. While ransomware remains the leading driver of insured cyber losses, it accounted for only 19% of reported cyber claims in 2023, with 56% originating…
