Companies relying on cyber insurance?

Results of recent survey show that cyber insurance is increasingly required by Boards. and Management Teams, though often not covering what is needed.

  • 2 years ago Posted in

Delinea has published a new report showing that cyber insurance not only has become ubiquitous, but more than half of companies that have leveraged their coverage have used it more than once. As a result, insurers are pulling back on covering what is most needed, with only about 30% of organizations saying their policy covers critical risks including ransomware, ransom negotiation, and decision on ransom payment.

 

The survey, conducted among 300 US-based IT decision makers by Censuswide, found that nearly 70% of organizations have applied for cyber insurance, with 93% being approved when they applied, and 65% claiming the process took less than three months. While risk reduction is the main reason for applying (40%), one-third (33%) of respondents claimed that it was also due to requirements from executive management and Boards of Directors, and 25% cited recent ransomware incidents as a primary decision driver. Given the pressure coming from the top, it’s therefore no surprise that 93% received the budget required to purchase their cyber insurance policies even as 75% of respondents said premiums increased in their last renewal.

 

“Executives and Boards use cyber insurance to lower the costs associated with potential breaches. As a result, most organizations are scrambling to buy or renew a policy, even as the insurers pull back on what they will cover and simultaneously raise the price of coverage,” said Art Gilliland, CEO of Delinea. “Our report shows that insurers are increasingly requiring organizations to implement a broader set of security controls to try to reduce the number of customers leveraging their policies. With 80% of companies leveraging their insurance policies, it is expected that more advanced solutions are needed.”

 

Other main reasons cited for applying for cyber insurance were business contract requirements (24%) and recent data breaches (17%). The largest number of respondents (48%) indicated that their policy covers data recovery, while roughly a third indicated it covers incident response, regulatory fines, and third-party damages.

 

To qualify for cyber insurance, a majority of respondents (51%) confirmed that cybersecurity awareness training was a requirement, with just under half (47%) stating they were required to have malware protection, antivirus software, multi-factor authentication (MFA), and backup data. When asked how they met insurers’ Privileged Access Management requirements, a similar percentage said they had suitable existing solutions (43%) as those who had to acquire additional solutions (42%).

 

“Privileged Access Management solutions can help limit the organization’s exposure to risks such as ransomware, and simultaneously keep the potential payout to a minimum if covered by cyber insurance,” Gilliland continued. 

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with...
Kyndryl and WPP, the creative transformation company, have created a modern, digital workplace...
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the...
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
PagerDuty has released a study that reveals service disruptions remain a critical concern for IT...
NVIDIA continues to dominate the AI hardware market: powering over 2x the enterprise AI deployments...
Skillsoft has released new research exploring organizations’ strategic priorities for 2025 and...