Insurers and asset managers strengthen cybersecurity oversight and expand budgets: Moody’s
A survey conducted by Moody’s, the credit rating, research, and risk analysis firm, finds that cybersecurity remains a high priority for insurers and asset managers worldwide.
The survey, which included responses from 102 companies across both sectors, indicates that organisations are adopting a multi-layered approach to cyber defence, with boards of directors increasingly involved in oversight.
Investment in cybersecurity continues to grow, with firms expanding budgets, recruiting specialised personnel, and implementing advanced defensive strategies.
Despite widespread adoption of strong cybersecurity practices, Moody’s notes that regional differences remain in areas such as third-party risk management, AI governance, and cyber insurance coverage. The survey reflects company responses and does not constitute a formal assessment of overall cybersecurity readiness.
Moody’s survey highlights that companies are reinforcing executive oversight of cybersecurity, often assigning responsibility to senior C-suite leaders.
Briefings to boards and executive teams are occurring more frequently, and 40% of respondents now link CEO compensation to specific cybersecurity performance goals, up from 24% in 2023, signalling an increased focus on accountability and resilience.
Spending on cybersecurity is rising, with respondents allocating a growing share of IT budgets to protective measures. Approximately half plan to hire additional cybersecurity staff over the coming year, while continuing to invest in advanced defence strategies.
Managing risks from third parties is also a priority, with most companies maintaining formal vendor risk programs, assessing the cyber risks of third-party software providers, and enforcing service-level agreements with critical vendors. Moody’s observes that adoption of these practices is slower in EMEA than in other regions.
In AI governance, more than 80% of respondents have formal policies in place, with larger firms and those in the Americas leading adoption.
The survey also finds significant regional variation in cyber insurance coverage: 90% of respondents in the Americas have standalone policies, compared with 63% in EMEA and 38% in APAC.
Around 21% plan to increase coverage limits in 2025, while the remainder expect limits to remain unchanged. Moody’s notes that while overall cyber insurance prices are falling, 24% anticipate premium increases, 53% expect stability, and 22% foresee decreases.