Anyone who has recently looked to renew their organisation’s cyber insurance may have been optimistic about a slowdown in rising premium prices. However, while the average price of cyber coverage fell by 6% in Q1 2024, following declines of 2% and 3% in the two previous quarters, according to international brokerage Marsh, recent high-profile cyber-attacks on the British retail sector have given insurers fresh justification to raise those premiums again, even in industries other than retail.
At the same time, as cyber threats become more complex and varied, insurers have significantly increased the depth and detail of their cyber insurance risk assessments or cyber insurance underwriting questionnaires. These now go far beyond the basics, requiring much more detail about your underlying digital infrastructure, sometimes even needing details like where the CCTV equipment in the data centres housing your data was manufactured. Insurers are also inserting more caveats into policies, making it harder for organisations to claim in the event of an incident. That’s why it has never been more important to understand the weaknesses in digital infrastructure.
Why digital infrastructure matters
All this paperwork, and the potential for extra costs, might feel like a headache. But it’s also forcing many organisations to take a closer look at the resilience of the digital infrastructure underpinning their operations. Making improvements to the buildings, platforms, and systems where data resides can not only help mitigate cyber risk and reduce insurance premiums but also has the added benefit of strengthening business continuity and future-proofing the business.
So, with the goal of reducing their cyber risk, what should organisations be looking out for when it comes to their digital infrastructure?
Going beyond the risk assessment
Data centre operators are typically required to meet a range of cybersecurity and compliance standards such as ISO 27001, Cyber Essentials, and Cyber Essentials Plus. But not all providers offer the same level of support when it comes to helping clients complete cyber risk assessments required by insurers. These can be incredibly complex documents, so having a provider like Pulsant to speak to who can guide you through such processes can be invaluable. More importantly, a partner who goes beyond compliance, one who offers clear recommendations for lowering risk, not just ticking boxes, gives a greater level of assurance and peace of mind.
BaaS or DRaaS?
During these insurance audits, one common gap we see is the confusion between backup-as-a-service (BaaS) and disaster-recovery-as-a-service (DRaaS).
These two are not the same. Backup-as-a-service ensures critical data is saved and can be restored if lost, whether through a cyber-attack or simple human error (which happens often). Disaster recovery, on the other hand, ensures that if an application fails, another data centre can take over instantly, keeping services running. This kind of resilience is crucial, as proved during incidents like the recent cyber-attack on Marks & Spencer, which had to rebuild critical applications from scratch due to not having appropriate DRaaS in place.
While DRaaS can seem costly upfront, we always pose a simple question to clients: “What would a day of downtime cost your organisation?” In most cases, that cost far exceeds the price of implementing disaster recovery, making the business case clear. Importantly, investing in DRaaS also has the added benefit of reducing insurance premiums.
The right location for sensitive data
We also see getting the balance of storage infrastructure right as an overlooked area of risk. Many clients assume keeping servers in their office or on-site, where they can physically see them, is the most secure option. In fact, enterprise-grade data centres typically follow far stricter security protocols. Private cloud solutions, in particular, offer more robust, proactively managed cybersecurity without the internal resource burden. This makes them especially well-suited for data subject to regulatory or jurisdictional requirements. Placing sensitive data on the most secure and appropriate infrastructure not only strengthens resilience but is also viewed positively by insurers.
Consider data sovereignty
Another key factor growing in importance is data sovereignty. With geopolitical tensions on the rise, it has become increasingly important to store data in the country where your business operates and to track where that data travels. This significantly reduces the risk of foreign interference or misuse of your organisation’s sensitive information, again helping to lower the cost of insurance.
As cyber threats evolve and insurers become more rigorous in how they assess risk, organisations can no longer afford to treat cyber insurance as just a tick-box exercise and should shift towards proactive infrastructure resilience.
By investing in robust disaster recovery solutions, choosing secure and compliant infrastructure partners, reassessing storage strategies, and prioritising data sovereignty, businesses can not only improve their chances of securing affordable cyber coverage but also strengthen their operational resilience overall.