According to a new study by Moody’s, insurance companies and asset managers around the world are significantly increasing their investments in cybersecurity.

The report, based on responses from 110 companies across both industries, points to long-term strategies and advanced cyber defenses being implemented amid the increasing frequency and complexity of cyber threats and more stringent regulatory requirements to enhance cyber resilience.

According to the study, cybersecurity spending among insurers and asset managers increased by more than 50% between 2019 and 2023. During this period, the percentage of total IT budgets devoted to cybersecurity increased from 5% to 8%. Additionally, the cybersecurity workforce expanded by about 23%.

With access to vast amounts of sensitive personal and financial data, both sectors are heavily focused on implementing advanced cybersecurity measures. The survey found that nearly all respondents are using advanced tactics, including vulnerability assessments and penetration testing.

Additionally, every company surveyed has developed an incident response plan, and 98% engage in multi-year planning to mitigate cyber risks.

Managing third-party vendor risk is another priority for insurers and asset managers. Nearly all respondents (99%) require cybersecurity assessments of new vendors in most, if not all, cases. Additionally, 91% of vendors undergo ongoing assessments to ensure ongoing compliance.

Cloud usage is also expected to expand, with survey respondents planning to reduce their on-premises IT infrastructure from 65% to 55% over the next year. Public cloud solutions are the preferred choice, currently hosting 20% ​​of insurers’ and asset managers’ IT environments.

Meanwhile, the adoption of standalone cyber insurance shows significant regional variation. In the Americas, 94% of companies reported having cyber insurance, while only 55% of respondents in EMEA and just 29% in Asia Pacific have such coverage.

Typical policies provide protection against business interruption, incident response costs, regulatory fines, and ransom payments.

What do you think of this story? Share your thoughts in the comments below.