According to Delinea’s 2023 State of Cyber Insurance report, the time and effort required to obtain cyber insurance is increasing significantly for US organizations. The report, based on a survey of over 300 organizations, highlights a noticeable gap between insurance carriers and businesses in terms of obtaining affordable and comprehensive coverage. Many organizations are now investing in cybersecurity solutions to meet the requirements for cyber insurance policies.
In a separate study conducted by Forrester, it was found that while most enterprise security technology decision-makers have some kind of cyber insurance coverage, only 26% have a standalone policy. This indicates that there is still a lack of understanding and preparedness when it comes to cyber insurance. Furthermore, the research reveals that cyber insurance has an impact on service provider selection, with insurance carriers typically maintaining a panel of preferred providers for areas such as incident response, ransomware negotiation, and payments. Approximately 70% of enterprises with cyber coverage stated that their insurance carrier required them to choose from their panel of providers.
The cyber insurance landscape has undergone significant changes in recent years due to the increased frequency and severity of ransomware, phishing, and denial-of-service attacks. As a result, the demand for coverage has evolved, leading to more diverse, complex, expensive, and harder-to-qualify-for policies. This presents new challenges and considerations for CISOs and their organizations when it comes to making optimal cyber insurance investments.
One of the key findings from Delinea’s report is that the time and effort required to obtain cyber insurance is increasing for many organizations. In 2023, the percentage of respondents reporting that the process took more than six months rose from 0.46% in the previous year to 7%. The report highlights that insurance questionnaires and calls with risk analysts often require an in-depth understanding of IT systems, which takes valuable time away from maintaining systems and supporting employees and customers. Additionally, many insurance companies require external evaluations, leading to a need for external support. Over half of the respondents reported that providers require them to conduct an external evaluation, and 55% had to use a provider-approved solution.
Despite the challenges in obtaining cyber insurance, companies are still willing to invest. The report reveals that almost 80% of respondents stated that their insurance rates increased upon application or renewal. Furthermore, over two-thirds reported rate increases of 50% to 100%. Despite these increases, boards of directors and executive management teams are mandating that companies obtain cyber insurance. In fact, 81% of respondents allocated additional budget to secure coverage. This is largely driven by the need to invest in cybersecurity solutions to meet the increasing requirements for cyber insurance. The report shows that nearly all organizations purchased at least one security solution before their application for cyber insurance was approved. Popular purchases included identity and access management tools, privileged access management solutions, and multi-factor authentication tools.
In conclusion, the process of obtaining cyber insurance is becoming more time-consuming and cumbersome for US organizations. Insurance carriers and businesses are facing a significant gap in terms of obtaining affordable and comprehensive coverage. With the evolving landscape of cyber threats, policies are becoming more complex and harder to qualify for. However, despite these challenges, companies are still willing to invest in cyber insurance and are allocating additional budget to meet the growing requirements. It is crucial for organizations to understand the importance of cyber insurance and to invest in cybersecurity solutions to mitigate risks and secure coverage.