Delinea | Privileged Access Management Blog

Cyber Insurance Report Paints a Troubling Picture

Written by Joseph Carson | Nov 10, 2022 1:00:00 PM

There were many findings in our recent research report on cyber security that weren’t a surprise. The survey confirmed what you’d expect: demand is high for cyber insurance policies and cyber insurance costs are rising.

The other findings in the report caught me by surprise.

We at Delinea looked beyond the cyber insurance statistics to explore the dynamics of decision-making, both when businesses seek cyber insurance and when they decide to use it.

The report investigates the real-life experiences of 300+ IT decision-makers that have navigated the shifting insurance landscape to understand the benefits and requirements of cyber policies as they attempt to answer the question, “is cyber insurance worth it?


Surprises beyond the cyber insurance statistics

80% of businesses have used their cyber insurance. Half of them have used it at least twice.

This was the first statistic to give me pause.

What does this figure say about the state of cybersecurity, if such a high percentage of people are relying on insurance as a safety net? It reinforces the truth that it’s not a matter of “if” you’ll experience a cyberattack, but rather, “when” that attack will happen, and “how” you’ll be able to recover.

Cyber insurance won’t protect your business from cybercrime, just like an auto insurance policy won’t protect you from an accident. It’s purely a financial safeguard to help your organization bounce back faster from a cyber incident.

Of course, preventive security controls reduce your risk, but it’s layers of security that will help you detect and contain a cyberattack before it can expand and cause widespread damage. I’m talking about the damage that requires you to inform your cyber insurance provider, regulators, customers, and partners that you’ve had a breach.

Scour your cyber insurance policy before agreeing to any plan

Confusion abounds when it comes to purchasing cyber protection—and many business leaders have more cyber insurance questions than answers. In fact, many businesses are rushing into cyber insurance policies without fully understanding the implications.

Cyber insurance coverage varies from provider to provider. The typical cyber insurance policy covers costs from damages and recovery after a ransomware attack, data breach, or another cybersecurity issue. Purchasing a cyber insurance policy can provide protection against costs associated with forensics, investigations, lawsuits, and compliance fines. It may protect your business from extortion payments—even though the FBI warns businesses not to make ransomware payments in the first place.

Here’s the catch.

Our survey found that over 50% of respondents say their policies don’t provide coverage for critical needs like ransomware recovery and data recovery. It shows that you need to look carefully at your coverage. Instead of assuming, map your policy coverage to your highest risks and most likely attack scenarios to get an accurate picture of your cyber resilience.

A crazy thought about how to use cyber insurance

The results of the report made me think about the CISO who is struggling to get the budget needed for cybersecurity solutions and trained staff. Turns out cyber insurance may offer that person an unexpected option.

The report showed that Boards of Directors and executives are very willing to pay for cyber insurance. For most organizations, requests for cyber insurance come straight from the top. Even with costs rising, they’re finding the budget for insurance, even as they may be cutting back on purchasing technology and hiring talent.

The good news—albeit counterintuitive—is that some cybersecurity insurance policies will pay for security software after an attack occurs.

While it’s not always possible to secure the budget to purchase technology and hire experts based on the CISO say-so, you might be able to leverage executive and board-level interest in cyber insurance to obtain critical resources.

If your company is having trouble allocating the necessary budget for security tools, it might make sense to wait for a breach! (Obviously not a great option for IT and security leaders who want to stay ahead of attackers).

Additional findings from Delinea’s report

Here are a few additional takeaways from Delinea’s cyber insurance report.

The process moves quickly

While buying cyber insurance isn’t an overnight process, it still moves relatively quickly. Most companies secure cyber insurance within three months. Start planning now if you want to move forward aggressively with cyber insurance.

Delinea’s Cyber Insurance Readiness Checklist can help.

Carriers are wising up

The cyber insurance landscape is evolving, with carriers making it more difficult for companies to receive coverage. Insurance companies are raising premiums and making underwriting questions more complex in an attempt to maximize profits and improve accuracy. As carriers continue to optimize their strategies, you must do the same. Knowing the major cyber insurance players and shopping around for the best rates is essential when it comes to getting the best possible coverage at the lowest cost.

Not all cyber insurance standards are equal

When browsing for cyber insurance coverage, you’ll find that carriers have different requirements and standards. For example, some require a simple self-assessment while others require comprehensive coverage in order to obtain a policy. In fact, just 35% of cyber insurance policies require Privileged Access Management (PAM), which is a critical strategy for limiting access to sensitive information.

When you’re in the process of purchasing cyber insurance, it’s a great time to assess your cybersecurity strategy, identify areas where your business is lacking protection, and figure out how to improve your security stance.

To learn more about the state of cyber insurance, download Delinea’s free report today