Cyber insurers could cut loss ratios by 16% by excluding high-risk entities: Gallagher Re
- June 1, 2025
- Posted by: Taylor Mixides
- Category: Insurance
A recent study by Gallagher Re, a global reinsurance broker, analysed Bitsight’s security performance data from 62,000 organisations across 67 countries, along with Gallagher Re’s proprietary data on cybersecurity incidents and claims.
The research revealed that poor performance in specific areas increased the likelihood of a cybersecurity incident and subsequent claim, while strong performance helped reduce this risk.
Several key factors were identified as predictors of cybersecurity risk, offering valuable insights for both enterprise cybersecurity leaders and cyber insurers.
One of the main findings highlighted the potential of using external scanning data in conjunction with traditional firmographics. By targeting the most damaging 20% of risks, insurers could see a reduction in loss ratios of up to 16.4%.
A significant insight from the study was the importance of an organisation’s “cyber footprint”—the size of its attack surface, determined by the number of IP addresses it controls.
The research found this to be a strong predictor of claims, which shifts the focus for insurers who traditionally relied on metrics like employee numbers, industry, or revenue. The inclusion of technographic data, such as the cyber footprint, offers a more accurate assessment of risk.
Additionally, the study identified that third-party dependencies and single points of failure within an organisation’s technology stack significantly increased the likelihood of a claim.
As companies expand their use of technology, their vulnerability to cyberattacks grows, underscoring the importance of this data for future risk modelling in the insurance sector.
Lastly, the research reinforced the critical role of maintaining strong cyber hygiene. Practices like timely patching, proper use of SSL certificates, DNS security, and effective endpoint management were all shown to reduce the likelihood of cybersecurity incidents. Paying close attention to these basic practices can significantly lower the risk of cyber threats.
“This study provides clear, actionable insights for both insurance companies and enterprises on the efficacy of security controls,” said Ed Pocock, Global Head of Cyber Security at Gallagher Re.
He further added: “Leveraging Bitsight’s data, we’ve not only established a direct link between weak cybersecurity controls and higher insurance claims, but also highlighted additional strategies for insurers to more effectively assess an organisation’s cyber risk and potentially improve loss ratios.”
Enterprise cybersecurity leaders can use these insights to better prioritise investments, reduce the chance of incidents, and make informed risk decisions. Focusing on high-risk areas allows them to strengthen security and allocate resources more effectively, improving both protection and risk management.
Derek Vadala, Chief Risk Officer at Bitsight, added: “For years, Bitsight analytics have been independently proven to have strong correlation with security incidents.”
Vadala continued: “Gallagher Re’s analysis demonstrates that there is even more to the story – that meaningful, new insights, such as assessing the risk of Business Email Compromise (BEC), can be created through analysing different parts of our massive trove of data. We are excited by these findings and will continue to explore the incredible opportunities ahead of us.”


