Delinea: Identity and Privilege Compromises a Key Concern
The cyber insurance market is undergoing a significant transformation, driven by the increasing frequency and sophistication of cyber attacks. A recent survey of 300 decision-makers, conducted by Delinea, reveals that 77% of companies with cyber insurance have previously filed a claim, with 62% filing a claim in the past 12 months alone.
This high claim rate is prompting insurers to reassess their risk models and implement more stringent requirements for policyholders. Identity and privilege compromises now account for 47% of attacks leading to insurance claims -- it’s more critical than ever to have strong identity security measures in place.
In response to these upward trends, insurance companies are mandating specific security controls before granting policies. Over 40% of insurers now require least privilege access controls and authorisation measures as a prerequisite for coverage. It's clear traditional security measures are no longer sufficient in the face of today's cyber threats.
The impact of these new requirements is significant. The survey found that 95% of U.S. companies had to invest in identity security solutions before obtaining a policy.
This investment often includes implementing multi-factor authentication, privileged access management, and identity governance and administration (IGA) systems.
AI and Cyber Insurance
While overall cyber insurance costs are on the rise, with more than half of surveyed companies reporting an increase, artificial intelligence (AI) is emerging as a potential solution to mitigate these costs. The report indicates that 50% of U.S. companies are now using AI-supported threat detection and monitoring to reduce their cyber insurance premiums
AI's role in cyber insurance extends beyond cost reduction. It's increasingly being employed to enhance risk assessment processes, improve threat detection capabilities, and streamline the claims process. By analysing vast amounts of data in real-time, AI systems can identify patterns and anomalies that might indicate potential security breaches or vulnerabilities.
The greater portion of cybersecurity incidents that have reached the level of a claim are root-caused back to harvesting a credential, compromising an insider, using a third party that had access to your systems, etc., so when organisations are being evaluated for renewals, these are the questions that are asked.
Cyber Insurance Assessments
The maturation of the cyber insurance industry is evident in the increasingly detailed assessments required before policies are granted. The survey reveals that most organisations opt to conduct these assessments internally, while others engage third-party risk assessment teams to provide an unbiased evaluation of their security posture
These assessments are not a one-time event. Insurers are now requiring ongoing evidence of effective security controls. The survey found that insurance claims could be denied if security controls are not properly maintained, configured correctly, or working as expected
When considering the expectations of insurance carriers and underwriters, identity security has become a fundamental requirement. The way cyber insurance companies measure risk is based on incidents, law, and claims.
As we reverse engineer cyberattacks, often-times there were soft spots in identity management. You must have a good narrative of integrated controls and a holistic story on how you're mitigating unauthorised access risk and protecting identities.
The complexity of modern IT environments is a significant factor driving up insurance costs. As the number of identities increases and IT infrastructures become more intricate, more resources are required to complete insurance assessments, address security gaps, and demonstrate evidence of effective cybersecurity measures.
**************
Make sure you check out the latest industry news and insights at InsurTech Digital and also sign up to our global conference series - FinTech LIVE 2024
**************