Delinea | Privileged Access Management Blog

Top Cause of Incidents Resulting in Cyber Insurance Claims

Written by Joseph Carson | Sep 24, 2024 12:00:00 PM

How likely is it that cyber insurance will offset the costs of a cyberattack? What expenses should you expect a policy to pay for? What situations put those payments at risk?

We tackled these questions in our annual cyber insurance research report. Over 300 respondents weighed in to share their perspectives and experiences. You can download the full report here: 2024 State of Cyber Insurance Research Report.

We learned that once companies have cyber insurance, they use it.

The data shows that 77% of companies with insurance have previously filed a claim. In the last 12 months alone, 62% of companies have done so. It’s been a particularly bad year for the more than 27% of companies that filed more than once during the previous 12-month period.

Respondents named the most common causes of cyber incidents that lead to insurance claims:

Identity-related compromise – Identity-related attacks typically begin when an attacker uses credentials they have stolen or purchased from an access broker. Without strong identity verification through solutions like multi-factor authentication (MFA), an attacker can impersonate an identity and enter your IT environment undetected.

Privileged account compromise – Privileged accounts, often referred to as admin accounts, have elevated permissions to control critical systems and sensitive data. When privileged accounts are shared among multiple users, they’re more likely to be compromised.

Third-party/supply chain compromise – Contractors, vendors, and partners often have access to sensitive data and IT systems. For example, IT operations teams often outsource tasks like troubleshooting, and engineering teams commonly scale using external developers. These users may access resources using a shared privileged account or an individual identity. Too often, these types of users operate without sufficient oversight, and access remains in place long after projects are complete, leaving vulnerabilities that bad actors can exploit.

Ransomware – Ransomware often gains a foothold through social engineering or phishing, encouraging users with local privileges to click on a link that downloads malware. Threat actors use ransomware to lock devices and data until victims pay a ransom, often in Bitcoin. Threat groups are increasingly using ransomware-as-a-service to streamline cyberattacks.

Insurance companies recognize that these risks increase the likelihood of identity-based attacks. To reduce risk, they want to see evidence of identity security before granting a policy. Nearly all respondents have some form of identity security requirement mandated by their cyber insurance provider, with authorization controls topping the list. Most respondents say cyber insurance policies require multiple identity security controls.

Cyber insurance coverage for data backup and recovery avoids non-compliance fines

We asked companies why they sought insurance coverage at the time they did. Respondents said compliance and regulatory requirements were their main drivers.

It’s an interesting finding because regulations such as PCI, HIPAA, and other compliance frameworks don’t demand that covered entities have cyber insurance. What’s more, cyber insurance isn’t an effective strategy to pay for non-compliance fines. In fact, respondents told us that regulatory fines are the least common expense their cyber insurance policies will pay for.

More likely, the connection is that companies governed by regulations face heavy non-compliance fines regarding data protection. Companies must move quickly to back up and recover data to avoid those stringent fines. Luckily, cyber insurance typically pays for data recovery and backup services to support rapid recovery and business resilience, which also allows you to avoid fines for inadequate data protection.

Cyber insurance is the driving force behind business resiliency

The top cyber insurance policies focus on the ability of a business to recover quickly and with minimum impact on its business operations.

Cyber insurance companies see business resiliency as the most effective way to minimize the overall financial impact on an organization. This is why we see many policies relating to ransomware-resilient backup and recovery strategies, priorities around incident response, and mitigation. How long the business is down has a direct impact on the financial outcome of cyberattacks or data breaches.

Want to find out more?

Download the cyber insurance report now and see how to improve your cyber risk management program. What you learn will help you prepare for your next cyber insurance assessment and discover ways to lower your costs.