Delinea’s 2023 State of Cyber Insurance Report has revealed a growing disconnect between carriers and enterprises seeking robust coverage. Insights from 300 US organizations highlighted an escalating trend: securing cyber insurance is increasingly challenging, with more firms requiring over six months for policies.
The survey, conducted by Censuswide on behalf of Delinea, sought to identify shifting patterns since last year’s analysis. This year’s findings demonstrate that companies making multiple claims surged to 47%, while 67% of respondents reported insurance premiums surging by 50–100% during application or renewal.
“Businesses should opt for insurers that include a risk assessment of the organization with the goal to remediate identified security weaknesses prior to quoting,” explained Theresa Le, chief claims officer at Cowbell.
“A thorough process should include industry-specific evaluations such as the use and protection of an OT network in manufacturing or the volume of regulated records (PII, PHI or other) processed by the organizations in sectors such as healthcare or financial services.”
The survey also exposes a growing list of exclusions that could potentially render cyber insurance coverage null, encompassing factors such as inadequate security protocols (43%), human errors (38%), acts of war (33%) and non-adherence to compliance procedures (33%). Even organizations that succeed in procuring or renewing policies may face claim denials or reductions due to intricate policy stipulations.
“The increasing list of exclusions and limitations means organizations must understand the fine print within the policies to ensure their claim would be approved,” commented Joseph Carson, chief security scientist at Delinea.
“If organizations don’t follow the policy claim procedure, they could find themselves with certain incident or data breach costs that might not get covered as part of the claim, so it is critical to know the correct procedure before you need to use it in the middle of a cyber-attack.”
Despite challenges, 96% of organizations procured a security solution pre-approval, while 81% secured the necessary budget for desired cyber insurance coverage. Leadership buy-in is also evident, with 36% of respondents indicating board and executive management mandates.
Read more on cyber insurance: Cyber Insurance, A Must-Have for Small Businesses
Given the prevalence of cyber-attacks stemming from compromised credentials, the study highlights the essential role of security controls. Approximately 51% of respondents indicate Identity and Access Management (IAM) controls as policy requisites, closely followed by 49% citing Privileged Access Management (PAM).
With cyber insurance shaping up as a strategic imperative, organizations are also aligning budgets – 50% invested in IAM solutions, 45% procured password vaults and 44% acquired PAM controls to fortify their coverage.