Hi, I'm Darren Thompson. I'm the Vice President of Product Marketing at One Identity. Premiums in cyber insurance have been rising almost exponentially now for a couple of years as a result of cyber activity, primarily, ransomware. It's really important to remember that the insurance industry is very, very old, established in London after the Great Fire of London in 1666, but cyber insurance is extremely young and rapidly maturing.
Unfortunately, during that maturing process, ransomware happened. And in particular, enterprise ransomware, where the ransomware attackers went after very large businesses who could afford to spend a lot of money on a ransomware claim. So insurers now are panicking. There's been a run on the bank, primarily caused by ransomware, and that causes two things to happen.
First of all, it involves insurance premiums being raised, so we pay more for our cyber insurance. And second of all, it means limits come down. Insurers are not prepared to cover as much. And so, very often, businesses are unable to get the amount of cyber insurance they would like at a price that is reasonable.
Cyber insurance premiums are likely to continue to rise, probably at roughly the rates that we've seen over the past couple of years. Ransomware is not slowing down. It's becoming much more sophisticated. We're seeing claims go up and up exponentially year on year.
A ransomware claim seven years ago was on average around $1,000. Now, we're seeing tens of millions of dollars in claims from single organizations. So the dynamic is not going to change. What can change, though, is the level of security maturity that organizations embed into their organizations. If you want to have a reasonable conversation with an insurance broker, it's a really good idea to raise your maturity, generally speaking, in security strategy.
Things that organizations should be doing to address some of these issues really start with identity. If you look at the questionnaires, the questions that insurers are asking organizations about their security maturity, in most cases, over 50% of the questions asked have something to do with identity. Have you implemented multifactor authentication, for example, have you implemented privileged access management, as another example. So organizations that are already maturing that side of their security strategy are very likely to have a better conversation with a cyber insurer.