Cyber insurers play harder to get as claims increase
A new survey of over 300 organizations in the US finds that the time and effort to obtain cyber insurance is increasing significantly.
The survey, conducted by Censuswide on behalf of privileged access platform Delinea, looked to uncover new trends and evolving patterns since a similar report last year and finds that the numer of companies using their cyber insurance more than once increased to 47 percent.
While only one organization said it took longer than six months to obtain or renew cyber insurance in the 2022 report, but over 20 respondents say it took that long in this year's survey. While 67 percent of respondents note that their insurance rates had increased by as much as 50 to 100 percent on application or renewal.
The study also finds that enterprises face a growing list of exclusions that could make their cyber insurance coverage void. These include lack of security protocols in place (43 percent), human error (38 percent), acts of war (33 percent), and not following proper compliance procedures (33 percent). Even if organizations are able to find or renew cyber insurance policies that they can afford, their claim may get denied or reduced because of the fine print.
"Over the past year, it's become evident that cyber insurers are learning from their data and are now maturing. In the early days of cyber insurance, they were just trying to address a huge demand, but now they realize they must reduce their own exposure to both avoidable and uncontrollable circumstances," says Joseph Carson, chief security scientist and advisory CISO at Delinea. "Our survey results find that most organizations are not approaching cyber insurance with the same diligence -- they are simply looking to get covered. What they're not checking is whether the policy they had last year is what they need now, or if their policy changed at renewal. This 'cyber insurance gap' could put a lot of organizations in a tough place when a cybersecurity incident occurs, and they want to utilize this financial safety net."
The report shows that 96 percent of organizations have purchased at least one security solution before their insurance application was approved. Indeed insurers are often insisting on improved controls. About half of respondents report that Identity and Access Management (51 percent) and Privileged Access Management (49 percent) controls are required by their cyber insurance policies.
The full report is available from the Delinea site.
Image Credit: FuzzBones/Shutterstock