Delinea published its 2023 State of Cyber Insurance report, finding that a
significant gap is emerging between insurance carriers and organizations that
are still scrambling to get affordable, comprehensive coverage. The report,
based on a survey of over 300 organizations in the US, found that the time and
effort to obtain cyber insurance is increasing significantly, with the number
of companies requiring 6 months or more skyrocketing year over year.

The survey, conducted by Censuswide on behalf of Delinea, looked to uncover
new trends and evolving
patterns since a similar report last year, which established that the demand
for cyber insurance was at a fever pitch. This year, companies that used their
cyber insurance more than once increased to 47%, while 67% of respondents noted
that their insurance rates increased 50-100% upon application or renewal. While
only one organization said it took longer than 6 months to obtain or renew
cyber insurance in the 2022 report, over 20 respondents indicated it took that
long in this year's survey.

However, the survey found that there is an increasing list of exclusions
that could make cyber insurance
coverage void, including lack of security protocols in place (43%), human error
(38%), acts of war (33%), and not following proper compliance procedures (33%).
Even if organizations are able to get or renew cyber insurance policies they
can afford, their claim may get denied or reduced because of the fine print.

"Over the past year, it's become evident that cyber insurers are
learning from their data and are now maturing. In the early days of cyber
insurance, they were just trying to address a huge demand, but now they realize
they must reduce their own exposure to both avoidable and uncontrollable
circumstances," said Joseph Carson, Chief Security Scientist and Advisory CISO
at Delinea. "Our survey results find that most organizations are not
approaching cyber insurance with the same diligence - they are simply looking
to get covered. What they're not checking is whether the policy they had last
year is what they need now, or if their policy changed at renewal. This 'cyber
insurance gap' could put a lot of organizations in a tough place when a
cybersecurity incident occurs, and they want to utilize this financial safety
net."

That said, many organizations are continuing to invest in cybersecurity
solutions to protect their organizations
and meet increasing requirements for cyber insurance. Ninety-six percent (96%)
of organizations purchased at least one security solution before their
application was approved. Furthermore, 81% received the budget they needed to
get their desired cyber insurance policy, with 36% of respondents noting that
it is now a requirement from Boards of Directors and executive management teams.

Considering that the majority of cyberattacks involve stolen credentials,
it's no surprise that insurance
providers require related security controls. About half of respondents reported
that Identity and Access Management (51%) and Privileged Access Management (49%)
controls are required by their cyber insurance policies. Again, leadership is
making budget available as 50% purchased IAM solutions, 45% acquired a password
vault, and 44% acquired PAM controls needed to secure their coverage.

"If organizations don't already have these access control solutions, it's
time to implement them before they
shop for or try to renew cyber insurance. These are essential security controls
to add to cybersecurity strategies, along with basics like anti-malware
software, data encryption, firewall and intrusion detection, patching, and
vulnerability management," Carson continued.

To download a complimentary copy of the 2023 State of Cyber Insurance report
from Delinea, visit https://delinea.com/resources/cyber-insurance-report-2023.