A recent report by Delinea has highlighted a growing disparity among insurance providers when it comes to offering affordable and comprehensive cyber insurance coverage. While many organizations are eager to secure this safety net, they often overlook the fine print, potentially putting themselves in a difficult position when they actually need to use this coverage.
The report reveals that obtaining cyber insurance is becoming increasingly time-consuming and effort-intensive. More companies are now reporting that it takes them six months or longer to obtain or renew their cyber insurance policies. This is a stark contrast to last year’s findings, where only one organization reported such a delay.
The demand for cyber insurance has been steadily increasing, as highlighted in a previous report by Delinea. This year, the number of companies that have had to use their cyber insurance more than once has risen to 47%. Additionally, a staggering 67% of respondents noted that their insurance rates increased by 50-100% upon application or renewal.
One concerning aspect uncovered by the survey is the growing list of exclusions that could potentially void cyber insurance coverage. Lack of security protocols in place, human error, acts of war, and failure to comply with proper procedures were among the top reasons cited. Even if organizations manage to secure affordable policies, their claims may still be denied or reduced due to these exclusions.
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, commented on the findings, stating that cyber insurers are now maturing and becoming more cautious. While they initially focused on meeting the high demand for cyber insurance, they now understand the need to reduce their exposure to avoidable and uncontrollable circumstances.
Carson highlighted that many organizations approach cyber insurance without due diligence, solely seeking to get covered. However, they often fail to consider whether their current policy is still suitable or if it has changed at renewal. This lack of attention to detail creates a “cyber insurance gap,” which could leave organizations vulnerable when a cybersecurity incident occurs and they need to rely on their financial safety net.
Despite the challenges associated with cyber insurance, many organizations are still investing in cybersecurity solutions to protect themselves and meet the increasing requirements for coverage. The report revealed that 96% of organizations purchased at least one security solution before their cyber insurance application was approved. Additionally, 81% of respondents received the necessary budget to secure their desired cyber insurance policy, with 36% noting its requirement by Boards of Directors and executive management teams.
Given that a majority of cyberattacks involve stolen credentials, it comes as no surprise that insurance providers now require related security controls. The survey found that 51% of respondents reported the need for Identity and Access Management controls, while 49% mentioned Privileged Access Management as a requirement. This necessitates organizations to implement these access control solutions before shopping for or renewing cyber insurance. Alongside these measures, basic cybersecurity strategies like anti-malware software, data encryption, firewall and intrusion detection, patching, and vulnerability management are essential to secure coverage.
As the demand for cyber insurance continues to rise, organizations must be diligent in their approach. It is crucial to carefully review policies, understand the exclusions, and ensure the required security controls are in place. This way, organizations can minimize the chance of being caught in the cyber insurance gap and mitigate potential financial losses in case of a cybersecurity incident.