Getting to grips with cyber risk in the insurance industry

Learn about the findings of the Cyber Risk Assessment of the UK insurance industry report.

28th November 2019 | Blog | AJ Thompson


To build an effective cybersecurity strategy, companies must first understand their risk exposure.

By providing insurers with crucial insight and targeted recommendations, we shed light on how organisations inside and outside the insurance industry can improve their security posture.



For insurers, assessing risk is a way of life. And yet, most insurance companies are struggling to find effective ways to evaluate and respond to their own cyber risks.

Managing the risk of cybersecurity threats and decreasing the effect of breaches are growing priorities for UK organisations of all sizes, in every industry.
To help UK insurers understand how ready their industry is to safeguard customer data against compromise, Northdoor produced the Cyber Risk Assessment of the UK insurance industry analysis, created using the RiskXchange Cyber Risk Rating Platform.

Using the RiskXchange ratings, based on freely available public open source data, we offer insurance companies an understanding of their risk of suffering a cyber security incident. Enterprises within the industry can use the results of the report to help optimise their cybersecurity strategies, putting them in a stronger position to deal with the evolving threat landscape.

Exploring the findings

The report provides a weighted average of the RiskXchange Risk Rating for a sample of over 150 companies in the UK insurance industry, split across insurance brokers, MGAs/coverholders and carriers. The higher the score, the less likely an organisation is to be hit by a successful data breach in the next 12 months.

We calculated an overall risk score for the UK insurance industry of 762 on a scale of 300 to 900, indicating that organisations should be taking action to reduce their exposure to cyber risk. This is particularly the case for application security, where only 5.56% of companies surveyed got an A rating.

When ratings are broken down by types of company, the report shows that only 38% of brokers scored an A on email security, while 53% of MGAs scored a D on application security, and more than 20% of insurers were rated poor or very poor on network security.

Seven steps to a better security posture

No company’s cybersecurity strategy is fool-proof, meaning that there is always room to improve. We have compiled seven recommendations to guide enterprises towards better risk management and protection of sensitive data. Here is a brief summary of those seven steps (see the report for more detail):

  1. Use the NIST Cybersecurity Framework (or an equivalent) to develop an information security programme.
  2. Cultivate a comprehensive understanding of your own network.
  3. Pinpoint areas in the business where process and policy maturity come in under par.
  4. Ensure that your network management policies are being followed and expose assets only where absolutely necessary.
  5. Safeguard and examine network endpoints.
  6. Confirm that active certificate-management programmes exist and are adhered to.
  7. Stay on top of software patches and upgrades.

By taking these measures, organisations can address the technical flaws, behavioural risk and skills gaps that leave them vulnerable to cyberattack.
Knowledge is power – so learn about the cyber risk exposure of the UK insurance industry by reading the report today.


For more information, contact Northdoor.
