Only half of APAC use cyber insurance – Moody’s

About 31% of respondents expressed their intention to acquire additional coverage in 2023. 

Asia-Pacific (APAC) executive teams exhibit strong cybersecurity oversight, but board involvement lags behind its global counterparts. Unlike other regions, many APAC issuers do not invest in cyber insurance, despite the increasing frequency of cyberattacks, Moody’s reported.

Cyber insurance, widely embraced elsewhere, is only utilized by about half of APAC respondents. However, a significant portion of them expressed a strong inclination to expand their coverage, results showed from Moody’s APAC cyber survey.

Standalone cyber insurance is now a crucial component in the risk management strategies of many issuers. Globally, it enjoys widespread adoption, even in the face of substantial premium hikes in recent years.

In the region, slightly over 50% of issuers currently have standalone cyber insurance, a notable increase from 38% in 2021.

However, when compared to other regions, particularly the Americas, where 85% of issuers have embraced cyber insurance, APAC's adoption rates still lag behind.

Other survey findings

Notably, APAC respondents are adopting advanced cybersecurity measures such as ethical hacking tests, while some overlook fundamental practices like regular system backups. 

The survey witnessed a substantial increase in APAC engagement, with 186 respondents, up from 42 in 2020.

Executive supervision of cybersecurity is robust, yet board engagement falls short of global norms. Findings suggest that the visibility of cyber managers within an organisation corresponds to healthy cyber budgets and the adoption of advanced defence practices. 

ALSO READ: Global cyber insurance market to see 50% growth in next five years: Swiss Re

APAC boards of directors are less actively involved in cyber matters compared to other regions. 

There is room for improvement in vendor cyber risk management. While 60% of APAC issuers insist on a cyber assessment for all new vendors with access to their systems, ongoing assessments are demanded from only 49% of these vendors. 

This gap in stringent vendor review is noteworthy, particularly in light of the evolving cyber threat landscape and recent supply chain cyberattacks.

Cybersecurity budgets have doubled in the past five years, reinforcing in-house expertise and risk mitigation. In the APAC region, the average growth rate of cybersecurity budgets reached an impressive 110%. 

Issuers are actively adopting advanced practices like red team testing, and simulating real-world cyberattacks, but some still neglect basic measures such as system backups and end-of-life software tracking.

Outlook

In the future, Moody’s expects a growing number of APAC issuers to adopt standalone cyber insurance policies. 

The findings from the survey indicate a substantial appetite for mitigating cyber risk, as 31% of respondents expressed their intention to acquire additional coverage in 2023. 

Notably, financial services issuers, in particular, have shown keen interest in expanding their coverage, with 34% of them expressing their intent to do so.

Challenges persist in establishing financial risk thresholds, and new risks are emerging. Issuers are modelling the financial consequences of cyber risks, but only a few are utilizing these models for effective risk management. 

Additionally, Generative AI, a topic not covered in the survey, presents new risks. While the future credit impacts of this technology remain uncertain, its overall influence on cybersecurity may lean negatively over the next three to five years