There is a positive correlation between insurance companies’ credit ratings and their cybersecurity, according to a new report from Fitch Ratings.
The report used SecurityScoreCard’s (SSC) grading platform to analyze the cybersecurity risk of more than 400 global insurance companies, representing about two-thirds of global insurance premiums. It found a positive correlation between companies’ Fitch-assigned credit ratings and SSC’s cybersecurity grades. This implies that insurance companies that prioritize carefully managing their own credit risk also seem to be better at managing their cyber risk.
The report also delved into correlations between SSC grades and other attributes such as country and sector, along with key financial attributes such as capital strength, profitability and size, Fitch said.
“The global insurance industry experienced several high-profile cyber events in 2021,” said Keith Buckley, global insurance group head at Fitch. “In particular, ransomware is an industry issue that is a growing concern. As a result, cyber is becoming increasingly important to our ratings analysis.”
SSC’s cybersecurity grades provide insights that aren’t captured by traditional financial statements and credit analysis, Fitch said.
“Instead, systems attributes such as network segmentation, attack surface, endpoint security and digital footprints are most important in understanding an insurer’s cyber health,” said Fitch Director Gerry Glombicki. “Fitch’s partnership with SSC gives Fitch insights into these considerations and helps us better assess cyber risk.”