Insurers and asset managers worldwide are significantly increasing their investment in cybersecurity, according to a new survey by Moody’s.
The report, based on responses from 110 firms in both industries, points to long-term strategies and advanced cyber defenses that are being implemented amid the rising frequency and sophistication of cyber threats and stricter regulatory demands for enhanced cyber resilience.
According to the study, spending on cybersecurity among insurers and asset managers has surged, increasing by over 50% between 2019 and 2023. During this period, the percentage of total IT budgets dedicated to cybersecurity grew from 5% to 8%. Additionally, the workforce dedicated specifically to cybersecurity has expanded by roughly 23%.
With their access to vast amounts of sensitive personal and financial data, both sectors are highly focused on implementing advanced cybersecurity measures. The poll found that nearly all respondents use sophisticated tactics, including vulnerability assessments and penetration tests.
Moreover, every company surveyed has developed an incident response plan, and 98% engage in multiyear planning to mitigate cyber risks.
Managing third-party vendor risk is another priority for insurers and asset managers. Nearly all respondents (99%) require cybersecurity assessments for new vendors in most, if not all, cases. In addition, 91% of vendors undergo continuous evaluations to ensure ongoing compliance.
The use of cloud services is also expected to expand, with survey participants planning to reduce their on-site IT infrastructure from 65% to 55% over the next year. Public cloud solutions are the preferred option, currently hosting 20% of insurers’ and asset managers’ IT environments.
Meanwhile, the adoption of standalone cyber insurance shows notable regional variation. In the Americas, 94% of companies reported having cyber insurance, while 55% of respondents in Europe, the Middle East, and Africa (EMEA) and only 29% in the Asia-Pacific region have similar coverage.
Typical policies provide protection against business interruptions, incident response costs, regulatory fines, and ransom payments.