Prepare to renegotiate: Results from Delinea’s 2023 Cyber Insurance Report
Joseph Carson
Cyber insurance allows you to transfer risk, so that risk to the business becomes acceptable. With cyber insurance, even if the worst happens, you’ll have the financial means to recover, return to operations, and eventually serve customers.
But cyber insurance is not cybersecurity. It’s an important distinction that cyber insurers and organizations seeking cyber insurance are beginning to understand more clearly.
In our 2023 cyber insurance survey, we explored trends that affect the process of obtaining cyber insurance, as well as policy coverage and exclusions. The report is packed with data to help you shop for cyber insurance, prepare for an evaluation, get better coverage, and potentially lower your rates.
Cyber insurers are getting more stringent and prescriptive about the best practice security controls
As the report explains, the cyber insurance industry is maturing rapidly and trying to right itself after years of escalating cyber incidents and massive payouts. Insurers have gathered valuable historical incident and data breach analyses to better quantify risk and understand the factors that impact their risk exposure. As a result, they’re getting more stringent and prescriptive about the best practice security controls they require before granting coverage.
What do these trends mean for cyber insurance customers?
- This year, you probably can’t rely on the same policy you had last year. Get ready to renegotiate.
- Economic pressure means more companies must find the money for increasing insurance rates from within their existing budgets while also finding money to purchase new solutions and hire staff. In fact, 96% of survey respondents purchased at least one new security solution before being approved by carriers.
- “Gotchas” abound, so don’t relax your cybersecurity now. All survey respondents had at least one exclusion in their policy that would void coverage. If post-event investigations find you didn’t follow cybersecurity best practices, you likely won’t get the safety net you expect.
- The whole process takes significant time and diverts attention away from other priorities that might do more to help you reduce your risk. Most alarming, the number of companies requiring 6+ months increased 21X over last year.
- Put some money aside for emergencies. All respondents in the survey had at least one attack-related expense that wouldn’t be paid for by cyber insurance.
Cyber insurance requirements for Privileged Access Management are increasing
Cyber insurance policies typically require or strongly recommend implementing various security solutions to mitigate cyber risks. While specific requirements may vary among policies and insurance providers, the survey uncovered some commonly demanded security solutions you’ll need before a policy is granted.
Considering that most cyberattacks involve stolen credentials, it’s no surprise that insurance providers require related security controls. Starting with Identity Access Management (IAM) and Privileged Access Management (PAM), insurance companies insist on security controls that prevent credential theft and contain attacks should credentials be stolen or used for unauthorized access.
When it comes to purchasing solutions, companies were more likely to add IAM, PAM, and MFA to their security arsenal this year than last to meet growing cyber insurance requirements.
Get your copy of the 2023 cyber insurance report now to see all the data and understand how these trends can impact your cybersecurity program.