Budgets and insurance policy costs have increased exponentially despite doubts surrounding efficacy of cyber practices, according to a recent survey gauging cybersecurity practices among global debt issuers conducted by Moody’s Investors Service.
Increased C-suite focus on cyber risk has led to a marked increase in cyber budgets, the survey of 1,700+ global respondents found.
Between 2019–2023, cyber budgets rose 70%, though there was considerable variance in growth rates among respondents.
Budgets for corporates grew the most—up 100%, according to the survey findings.
Overall, issuers say they devoted a median of 8% of their technology budgets to cybersecurity, up from 5% in 2019.
Cyber insurance premiums increased by a median of 50% across the board between 2020 and 2022, with healthcare, housing and higher education sectors reporting a 94% increase.
Of those surveyed, 66% said they are required to report cyber incidents if there were no breach of personally identifiable information, although Moody’s analysts indicate the number is expected to rise as legislators and regulators worldwide tighten disclosure rules.
Vulnerability disclosure programs were reported by 56% of survey respondents, but only 18% offer financial incentives for vulnerability disclosures
Cyber security risk assessments were required of new vendors whose personnel or products had access to their in-house computer systems by 80% of respondents, though that figure dropped to 63% for regular monitoring of existing vendors–indicating a potential area of vulnerability, according to the report.
“Cybersecurity’s enterprise-wide visibility has improved while budgets have grown 70% in the last five years, according to Moody’s 2023 cyber survey,” said Leroy Terrelonge, VP-Analyst, Cyber Credit Risk at Moody’s Investors Service. “But advanced cyber practices remain out of reach for many issuers, and survey responses raise questions about the effectiveness of some cyber initiatives.”
In a prior survey conducted by Moody’s, 61% of cyber managers reported to a C-suite individual. The current survey indicates 90% of cyber managers report to C-suite individuals.
A global cybersecurity workforce gap of about 3.4 million exists, despite the 464,000 people that joined the cybersecurity profession between 2022 and 2023, the survey found.
This cyber security talent shortage coupled with generative AI use introduces new risks, according to Terrelonge.
Topics Trends Cyber Pricing Trends
Was this article valuable?
Here are more articles you may enjoy.
7 Years of Double-Digit Growth; New Players on Top 25 E&S Insurers List 
AM Best: Commercial Auto Liability Drags Down Segment and it Could Get Worse 
Starbucks Workers Sue Over Company’s New Dress Code 
Two More HO Insurers Join Florida Market, One Led by Former Metromile CEO 
