Why a SOC Has Become a Top Requirement for Cyber Insurance

It seems that everyone is trying to identify the next bubble to take some type of advanced action to avoid it or take advantage of it. Many of us have lived through more than one. There was the IT bubble at the start of the century followed by the housing bubble in 2008. Bubbles are natural economic cycles that periodically occur in a free market society. They are created when the demand for a product or market segment becomes overly exuberant. While some bubbles burst and lead to economic hardship, many simply lead to some type of market reset that readjusts demand to a sustainable equilibrium once again.

An Example of How Bubbles Work

A prime example is the housing bubble. Finance companies had eased mortgage qualifications through programs such as no-income verification loans and so forth. As a result, a great number of high-risk loans were issued with little concern. When conditions changed, mortgage defaults became the new norm and home prices crashed. Finance companies began going belly up and soon, the process to obtain a mortgage became much more stringent.

Is Cyber Insurance the Latest Bubble?

We start out with this brief history because the current cyber insurance bubble mimics the housing bubble in many ways. It wasn’t long ago that Insurance companies were all too willing to issue policies to cover incidents that they deemed improbable and unlikely to occur. Unfortunately, hackers and malicious cybercriminal organizations had taken advantage of the presence of COVID in a digitally transformed world and attacks quickly surged. As an example, the number of new cyber insurance issued in 2020 nearly doubled according to the U.S. Government Accountability Office (GOA). This of course stimulated a surging demand for policies.

Insurance companies began bleeding money as the payouts for ransomware attacks grew existentially overnight, creating massive direct-loss ratios for those policies. Case in point, in 2021, the CNA Insurance Company was forced to payout $40 million for their client to regain control of their systems, the highest disclosed ransom to date. It’s those kinds of payouts that now lead the industry to believe that the cybercrime costs will reach $10.5 trillion by 2025. The losses have become so great that Lloyds of London began discouraging its syndicate from taking on new policies in 2022. This shouldn’t be surprising as U.S. cyber insurance market in 2020 alone experienced a combined loss ratio of 103%. With losses like these, something must give, and it is.

Why Cyber Insurance is in Such Demand

So why did so many companies suddenly clamor for cyber insurance. From a business perspective, it’s an easy way to pass the buck. The average cost to recover from a ransomware attack in 2021 was $1.4 million. A large share of that is the ransom but it also includes the expense of mediation, forensic investigations, and costly business disruption. Much of these costs are reimbursed for those lucky enough to purchase and retain a cyber insurance policy. With companies begging for some type of policy and insurance companies all too eager to supply them, things were destined to go wrong real quick.

Cyber Insurance Now Harder to Obtain

Suddenly, the cost of purchasing these policies grew to reflect their accelerated risks. As an example, American International Group Inc implemented a global price increase last year of nearly 40%. According to the Risk Strategies’ State of the Market 2022 Report, cyber insurance rates in general rose 89% in the fourth quarter of 2021. For an MSP that has multiple clients, these cost increases can be debilitating, forcing them to upcharge their clients.

But its more than just a matter of paying higher prices now. Insurance companies understandably don’t want to be the fall guy, the one that gets saddled eating the costs in the end. Insurers want clients that can prove an adequate security posture. Just as a life insurance company would be apprehensive about selling a policy to a Hollywood stunt person, cyber insurance companies don’t want to take on clients that aren’t taking proactive measures to reduce their risk exposure. Insurers are even starting to dictate some of the components that should be included in a security portfolio. The reasoning is simple. Companies that don’t have the necessary tools and personnel to secure their environments are less resilient and more vulnerable to costly attacks.

One example is an insistence that is becoming known as the MFA mandate. Multifactor authentication requires two or more verification methods for users to gain access to their email, system, or online applications. Because so many cyberattacks are initiated through phishing attacks, policy holders are now obligated to maintain an MFA solution to have their policies honored.

Insurers are Requiring a SOC

But MFA is only one part of the required equation today. Insurers want their clients to know what is going on in their networks. After all, if you don’t have visibility into all areas of your digital landscape, how on earth can you protect it. For many insurers, this means partnering with a security operations center (SOC). A SOC clearly demonstrates a proactive approach to cybersecurity. SOCs provide 24×7 monitoring by a dedicated highly experience security team with eyes on the board, aided by AI that analyzes data in real time.  Together they keep on the lookout for suspicious traffic, security events, and digital behavior that is out of the norm.  The addition of a SOC is a perfect supplement for MSPs looking to make the transition to an MSSP.

Advantages of a SOC

A SOC is more than a managed detection and response system however. A SOC is vendor neutral, making them ideal for MSPs that must support multiple technology environments and need a solution that can easily integrate with a customer’s existing security stack. A SOC provides expertise that can fill in knowledge existing gaps that may be holding you back. A SOC provides other services as well. A reputable SOC provides security information and event management (SIEM) that support threat intelligence for all your integrated systems. In the event of an attack, a SOC can prove invaluable by providing incident response teams on demand as well as forensic investigation teams.


Qualifying for cyber insurance requires a lot more than a signature and first month payment up front. It’s about being able to prove that your organization is serious about cybersecurity and that you aren’t looking for an easy out when things go bad. Cyber insurance companies aren’t just looking for mere customers. They are looking for serious players who know how to negate risk. That starts with having a team in place that has complete visibility into what is happening across your IT estate. There are multiple ways to obtain a SOC. You can create one from the ground up, use the services of a SOCaaS (SOC as a service), or you can partner with an established SOC Platform that has been securing businesses and MSPs of all sizes and industry types. Things have changed today, and organizations must change too. It’s no longer viable to not have the right security tools and services in place, and even if you are willing to accept that level of risk, your cyber insurance company clearly won’t.

Sign Up for Updates