With more than 60 percent of companies in the United States having filed a cyber insurance claim in the last 12 months, U.S. companies are increasingly adopting advanced technologies such as artificial intelligence to secure cyber insurance coverage and mitigate rising costs, according to a report.
On Tuesday, the identity security service provider Delinea released its 2024 Cyber Insurance Research Report, surveying 306 decision-makers with insights into their organization’s cyber insurance application and renewal processes. The report highlights the growing challenges companies face in maintaining insurability amidst evolving risk factors.
The report revealed that cyber insurance is increasingly dependent on advanced technologies, such as AI and identity solutions, to keep up with the evolving threat landscape. As organizations invest in complex enterprise environments, half of U.S. companies are now utilizing AI-supported threat detection and monitoring solutions.
These advanced technologies are proving instrumental in reducing cyber insurance premiums, giving policyholders a strategic advantage as overall insurance costs rise. Forward-thinking companies are leveraging AI to negotiate lower rates by demonstrating visibility and controls that reduce their risk. They are using AI to ensure that cybersecurity solutions and policies are effective and to manage ongoing incidents. This reduces both the dwell time of threat agents and the impact of attacks, making these companies more adequate for insurance coverage.
The survey also revealed that cyber insurance claims remain high, with 62% of respondents filing a claim in the last 12 months. Notably, over 27% of these respondents have filed multiple claims, highlighting the ongoing and intensifying nature of cyber threats.
In the survey, 79% of companies reported an increase in insurance costs since their latest application or renewal. Respondents cited IT complexity as a driving factor, with policyholders requesting higher coverage limits due to their increased risk profile. As the number of identities continues to grow, more resources are needed to manage these risks.
Complexity in IT environments makes cyber insurance security assessments harder to complete, with disjointed audit and reporting solutions complicating the process of aggregating details and measuring risk. Due to IT complexity and higher risk profiles, insurance companies may be raising prices for all policyholders to ensure sufficient liquidity in case of multiple claims being filed simultaneously.
A key finding from the report is the critical role of identity security in cyber incidents. Nearly half (47%) of attacks resulting in insurance claims are tied to identity and privilege compromises. Additionally, 41% of insurance companies now require proof of authorization or least privilege access controls—a security measure in which users are granted the minimum level of access necessary to perform their job functions—before granting a policy.
“Insurance companies are increasingly requiring proof of robust identity controls, with 41% demanding evidence of least privilege access,” said Rick Hanson, president of Delinea. “Given that identity and privilege compromises account for 47% of attacks leading to insurance claims, this is hardly surprising. Investing in identity security solutions has become essential for securing cyber insurance.”
The importance of identity security is echoed by security and cyber insurance experts. “As cyber insurance claims increasingly result from identity-related incidents, strong identity security is essential,” said Myrna Soto, CEO of Apogee Executive Advisors. “Organizations must prioritize managing privileged access, a key focus for underwriters due to the role this plays in breaches,” Soto added.
“The frequency of claims tied to identity compromises highlights ongoing gaps in many organizations’ security strategies,” said C.J. Dietzman, senior vice president at Allianz Insurance Service. “Insurers now require clear evidence that identity risks are being proactively managed.”
Related article: Security outlook 2024
The Readable reviewed more than 30 reports of cybersecurity predictions, published by vendors and public institutions, and pared them down to five topics: Artificial intelligence, election security, the Paris Olympics, persistent threats, and cyber insurance. Our reporters summarized each topic in approximately 300 words, based on the analysis provided by the original reports. The sources that were referenced can be found at the end of each topic, marked with a hashtag. There is also a full list of reports at the end of the articles. READ MORE
