MSSP, MSP, Cybersecurity insurance, Industry Regulations

Insurance Companies are Offering Clients Cybersecurity Services

(Adobe Stock)

The global cyber insurance market is expected to grow at an average rate of 24.5% a year through 2032 and could reach as high as $120.47 billion by 2032. This is driven by accelerated AI powered cyberthreats, distributed IT environments, and a growing regulatory landscape.

There is plenty of room for that growth, according to Arctic Wolf. In its recent 2025 Cyber Insurance Outlook report, the cybersecurity company noted that only 47% of organizations have cyber insurance policies. Meanwhile, 70% of the 400 insurance brokers and carriers that responded to the vendor’s survey said they expect the number of new claims against cyber insurance policies to grow, due in large part to the ongoing increase in threat activity.

As the cybersecurity and cyber insurance fields continue to converge, both brokers and carriers are adopting measures to help clients better protect themselves from ransomware, data breaches, and other threats. Those steps range from partnering with cybersecurity providers and cyber insurance specialists to offering in-house proactive assistance or support to creating their own cyber risk management services.

“Generally, cyber risk management services provided by insurers and cybersecurity providers have distinct roles and objectives,” the report revealed. “Insurers' services are more likely to focus on financial protection and risk management support (e.g. IR and breach notification costs). Cybersecurity providers focus their offerings on technical solutions and proactive security measures (e.g. managed detection and response and 24x7 security operation centers), alongside vulnerability assessments to mitigate the risk and severity of incidents.”

Both aim to protect organizations from cyberattacks - whether through vendor tools that detect, respond, and mitigate threats, or by encouraging secure practices and covering the financial impact of an incident. MSSPs and MSPs are part of this equation as well. More companies are leaning on them to handle some or all cybersecurity functions, and in many cases to take on a broader strategic role. That reliance not only helps reduce risk but also strengthens a client’s ability to secure cyber insurance.

The Need for Partners

Overall, 43% of insurers have designated cyber practices, which reinforces the need for trusted partners, a role that brokers and carriers are looking to fill.

The report from Eden Prairie, Minnesota-based Arctic Wolf found that 71% of brokers who act as intermediaries between companies and insurers by finding the best policies for customers, are partnering with cybersecurity providers to support their clients. In addition, 94% offer proactive assistant or support in the form of in-house services or pointing their customers to security services partners.

“Through these partnerships, insurance brokers can offer more comprehensive protection for their clients with the added benefit of preventive cybersecurity measures in addition to financial risk transfer,” the authors wrote. “Policy brokers are stepping into a more active role regarding the security posture of their clients.”

For their part, 69% of insurance carriers offer in-house cyber risk management services, with 45% of those charging separately for the services. In addition, 25% direct their policyholders to particular cyber risk management vendors, about half of which have pre-negotiated discounts or terms in place and another half that don’t.

Reducing Risk, Raising Knowledge

Rob Enderle, principal analyst with The Enderle Group, told MSSP Alert that it isn’t surprising that insurance companies are partnering with cybersecurity vendors and cyber insurance specialists. They can help lower the chances of a customer being hit hard by a cyberattack.

At the same time, some partners can also help raise cybersecurity skills and knowledge of the carriers.

“Any expansion of insurance coverage requires a great deal of knowledge about the related risks and current pricing structure,” Enderle said. “Through partnerships like this, that experience is acquired far more quickly, thus lowering the risks of catastrophic failure for the firm needing this expertise.” 

He also suggested that some such partnerships will be “transitory” as the insurance companies institutionalize the knowledge they acquire from them.

“Insurance is gambling at scale, which means control over the related knowledge of the risk landscape is their most lucrative tool,” the analyst said. “Thus, they’ll want this knowledge fully under their control as quickly as possible, which is what dives this need for ownership and control.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds