Black Hat USA 2025: Insurers Limit Vendor Exposure
🛡️ At Black Hat USA 2025 speakers warned that high cyber-insurance premiums can reflect insurers capping exposure to specific third-party vendors rather than a direct finding of poor security in a customer’s environment. Insurers may respond to exceeded vendor thresholds by issuing prohibitively high quotes instead of declining coverage, effectively pricing some customers out. Claims data presented showed 45% of new claims in H1 2025 involved an SSL VPN lacking MFA, and Coalition reported 55% of ransomware begins at perimeter devices.
