Cyber insurance underwriting is becoming more expensive with each passing near. Things have become so tenuous that two of the leading providers of cyber insurance state they are generally concerned about the future of their industry. That is troubling enough. But what about the fact that insurance companies are among the biggest targets for cyber criminals?
A June 2025 article posted by Insurance Journal reveals just how serious things are. For example, 59% of the breaches involving the top 150 insurance companies last year were facilitated through third-party attack vectors. In other words, insurance companies are vulnerable due to insufficient security down the supply chain.
The article also points out that globally, the average data breach cost exceeded $4 million last year. But costs are likely higher in the insurance industry due to the treasure trove of sensitive data insurers need to collect and store.
Exceptional Third-Party Security
Carriers willing to undertake cyber insurance underwriting are increasingly adopting stricter standards. Where third parties are concerned, carriers are requiring exceptional security practices that can be documented. Why? Because they know how risky third parties are.
The earlier statistic of 59% of all data breaches in 2024 being pulled off through third-party attack vectors says it all. Insurance carriers are risking too much when a client’s third-party partners are not maintaining exceptional security. Now they find themselves having to further mitigate risks by forcing clients to pay attention to third-party security.
Enter Darknet Data Intelligence
Source: learn.eccouncil.org
For some insurance carriers, the most effective means of mitigating losses is darknet data intelligence. Carriers are adopting it for themselves and recommending it to their clients. What does it do?
Think of darknet data intelligence as similar to intelligence gathering among nations that do not trust one another. Each one wants as much information on the others as possible. Through intelligence, nations can keep themselves more secure. It’s the same deal in cybersecurity.
DarkOwl is a Denver-based company that specializes in darknet data intelligence. They have developed tools that are utilized in nearly every industry to improve security. The tools are indispensable in cyber insurance underwriting.
Intelligence Is a Risk Mitigation Tool
DarkOwl recommends that the insurance industry take advantage of darknet intelligence to mitigate its risks. The company says that risk mitigation is rooted in three principles:
- Identification – Before threats can be addressed, they need to be identified. Intelligence gathering tools are designed to continuously monitor the darknet for any and all data that could point to an imminent or ongoing threat.
- Benchmarking – Data gathered through intelligence must be analyzed against historical and other current data. The data is benchmarked and then either acted upon or set aside for future analysis. Benchmarking determines the most appropriate response to credible threat data.
- Measurement – Darknet intelligence data is applied to measure risk. An insurance carrier not only wants to measure its own risk, but also that of its clients. A high-risk measurement requires an immediate and significant response.
Source: anthonyjones.com
The future of cyber insurance underwriting is not clear. Insurance carriers and reinsurers are facing mounting losses with each successful data breach. And given the success rates we have seen in recent years, it doesn’t appear as though threat actors are even close to being deterred. If anything, they are more confident than ever before.
For cyber assurance to thrive, organizations seeking insurance need to do a better job with their own security and that of their third-party partners. There is too much at risk to leave security vulnerabilities untouched. If things don’t change, carriers eventually might not be able to offer cyber insurance at all.
