The cyber insurance industry has long asserted that its underwriting processes, combined with security tech embedded in policies or supplied by third parties, will improve their clients’ security and impact the broader economy. Some carriers have provided statistics on breaches that appear to support the proposition.
Cyber security company Netwrix tested this with a survey 1,600 IT and security professionals (44% of whose organizations were insured and 15% planned to purchase a policy within the next 12 months.)
“We asked respondents what requirements they had to meet in order to qualify for a policy. The most requested measure was multifactor authentication (MFA), named by 63%, followed by patch management (55%) and regular security training for business users (47%). In addition, 38% said they had to meet requirements for identity and access management (IAM), while 36% revealed they had to implement privileged access management (PAM) controls. Indeed, according to Gartner®, ‘Insurers often require organizations to deploy a PAM tool, along with MFA for administrative access, to mitigate the risk of breaches and malware events,'” according to the press release.