Latest Report Identifies Increasing Disparity in Cyber Insurance Coverage

Highlights:

• Increased claims have led to a surge in insurance costs, as 67% of respondents reported a 50% to 100% rise in cyber insurance rates during application or renewal in the past year.
• The report highlights that since a significant portion of cyberattacks involve stolen credentials, it’s unsurprising that insurance providers are mandating relevant security measures.

Privileged access management firm Delinea Inc. has just issued a report revealing a widening gap in cyber insurance coverage. Providers are cutting exposure while organizations disregard critical details within insurance policies.

Based on a U.S. organizational survey, the 2023 State of Cyber Insurance report discloses a growing gap in cyber insurance policies and a remarkable rise in the time and effort required to secure such insurance. The number of companies needing six months or more to obtain cyber insurance has surged compared to a year ago.

Rising cyberattacks fuel the challenge of obtaining cyber insurance, with 47% of surveyed companies stating they filed multiple cyber insurance claims within the past year, contributing to this heightened difficulty. Increased claims have led to a surge in insurance costs, as 67% of respondents reported a 50% to 100% rise in cyber insurance rates during application or renewal in the past year.

As companies secure and afford cyber insurance, their capacity to make policy claims is diminishing due to insurance providers expanding their list of exclusions. Exclusions rendering cyber insurance coverage void encompass absent security protocols in 43% of policies, human error in 38%, acts of war in 33%, and non-compliance with proper procedures in another third.

Numerous organizations are increasing their expenditure on cybersecurity solutions to bolster protection and meet the escalating prerequisites for cyber insurance. Almost every organization obtained at least one security solution before approval, with 81% securing the necessary budget for desired cyber insurance and 36% stating their company now mandates having cyber insurance.

The report highlights that since a significant portion of cyberattacks involve stolen credentials, it’s unsurprising that insurance providers are mandating relevant security measures. Roughly half of respondents indicated that their cyber insurance policies necessitate identity and access management (IAM) and privileged access management controls.

Joseph Carson, the Chief Security Scientist and Advisory Chief Information Security Officer at Delinea, commented, anticipating the report’s publication, “If organizations don’t already have these access control solutions, it’s time to implement them before they shop for or try to renew cyber insurance. These are essential security controls to add to cybersecurity strategies, along with basics like anti-malware software, data encryption, firewall and intrusion detection, patching and vulnerability management.”

Theresa Le, Chief Claims Officer at cybersecurity insurance provider Cowbell Cyber Inc., emphasized that enterprises must adopt a business-centric approach to security.

“Those organizations that take the time to prepare and run risk assessment as part of the cyber insurance process are one step ahead,” Theresa explains. “When a cyber-incident occurs, it is of lesser severity because they are prepared and engage immediately with the resources provided by cyber insurance.”

Le also suggested that businesses consider insurers that offer a risk assessment of their organization, aiming to address identified security vulnerabilities before providing a quote. “A thorough process should include industry-specific evaluations such as the use and protection of an operational-technology network in manufacturing or the volume of regulated records — personally identifiable information, protected health information and the like — processed by the organizations in sectors such as healthcare or financial services.”