A recent survey conducted by Netwrix has shed light on how organizations are mitigating the financial impact of data breaches through cyber insurance policies. The survey included responses from over 1,600 IT and security professionals worldwide, providing valuable insights into the current landscape of cyber insurance.
According to the findings, 44% of organizations already possess cyber insurance coverage, while an additional 15% are planning to purchase a policy within the next year. However, before being offered a policy, organizations are typically required to undergo a security audit by the prospective insurer.
Dirk Schrader, the VP of Security Research at Netwrix, explained the significance of these audits, stating, “The insurer’s audit will highlight security gaps in the IT ecosystem and provide recommendations on how to overcome them. In some cases, implementing additional security controls is mandatory to even qualify for a policy. In addition, some organizations choose to invest in more security measures because it reduces the cost of the insurance policy.”
The survey also explored the specific requirements that organizations must meet to qualify for a policy. The most commonly requested measure was multifactor authentication (MFA), named by 63% of respondents. This was followed by patch management, cited by 55% of respondents, and regular security training for business users, mentioned by 47% of respondents. Identity and access management (IAM) controls were required of 38% of organizations, while 36% needed to implement privileged access management (PAM) controls. Gartner supports these findings, stating that “Insurers often require organizations to deploy a PAM tool, along with MFA for administrative access, to mitigate the risk of breaches and malware events.”
Meeting insurers' requirements or recommendations calls for a careful assessment of the dependencies between the requested controls. Ilia Sotnikov, Security Strategist at Netwrix, emphasized the importance of understanding these dependencies, stating, “For example, in order to require MFA for access to particular types of data, it is necessary to know where sensitive and regulated data resides, as well as to have control over user and administrative privileges.”
The survey conducted by Netwrix provides valuable insights into the growing importance of cyber insurance policies and the measures organizations are taking to protect themselves from the financial impact of data breaches. As the threat landscape continues to evolve, it is crucial for organizations to stay ahead by implementing robust security measures and working closely with insurers to ensure they meet the necessary requirements.
For more information on security trends and practices, the complete 2023 Hybrid Security Trends Report by Netwrix can be accessed through their website. Additionally, Gartner’s Magic Quadrant for Privileged Access Management™ offers further insights into the importance of privileged access management in mitigating the risk of breaches and malware events.

