Estimated reading time: 4 minutes
Corporate security leaders are getting clearer about cyber liability insurance even as they rush toward a passwordless future. According to Portnox’s new report, CISO Perspectives for 2026, chief information security officers (CISOs) are stabilizing their insurance strategies while rethinking identity and access management, zero trust, and artificial intelligence risks.
The report, based on responses from 200 CISOs at U.S. firms with more than $500 million in annual revenue, captures how fast the cybersecurity landscape is shifting. Wakefield Research surveyed on behalf of Portnox, which provides cloud-native zero-trust access solutions.
“This data offers a rare, evolving benchmark for security leaders,” said Nathan Richter, Senior Partner at Wakefield Research. “It shows how CISOs’ priorities and tools continue to transform year after year.”
Cyber Liability Insurance: From Confusion to Confidence
For years, companies struggled to interpret what their cyber policies covered. The 2026 survey marks a turning point.
CISOs report that uncertainty around cyber liability insurance has dropped sharply. Only 40% of organizations now constantly reevaluate their premiums — down from 68% in 2024. Portnox calls it “a sign that confidence in risk management is returning.”
The numbers tell a similar story on coverage clarity. Uncertainty about supply chain attack coverage fell from 58% to 43%. Confusion around insider threat protection dropped from 51% to 34%. Clarity about coverage for phishing attacks improved, too, falling from 41% to 26%.
These are not just statistics; they reflect the maturing of an industry. As ransomware losses rise and regulators tighten reporting requirements, companies seem to have learned to treat cyber insurance as a core security control, not a backup plan.
Passwordless Technology Becomes the New Baseline
If 2024 was the year of MFA, 2025 is the year of passwordless. Portnox’s report shows 92% of CISOs have already implemented, are implementing, or plan to implement passwordless authentication, up from 70% last year. Completed rollouts doubled. Planned projects jumped by 14 points.
The appeal is clear. CISOs cited reduced risk from password reuse and phishing (52%) as the top benefit. They also named improved productivity (41%) and better user experience (39%) as major reasons.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
“MFA, while better than nothing, is a threat mitigation tool,” said Portnox CEO Denny LeCompte. “Passwordless authentication removes passwords entirely. It cuts attack surfaces and reduces phishing, credential stuffing, and brute-force attempts.”
Employee frustration with security policies is easing, too. Only 42% now complain about frequent password changes, down from 51%. That’s progress, even if half of workers still find security measures “tedious.”
Zero Trust Expands, VPNs Fade, and NAC Budgets Rise
CISOs continue modernizing their network defenses. Nearly all respondents said they now see Network Access Control (NAC) as critical to any zero-trust framework. Confidence in NAC rose 93% year over year, driven largely by cloud-based solutions. Budgets are following suit. 87% of companies are increasing NAC spending, up from 83% in 2024.
VPNs, meanwhile, are being retired fast. Two-thirds of organizations expect to complete the shift to zero trust access by next year, and 93% plan to do so by 2027.
Zero trust itself still inspires optimism and caution in equal measure. Sixty-one percent of CISOs still call it “the future of cybersecurity,” while 27% now see it as overhyped.
AI Brings Workloads, Not Just Worries
Artificial intelligence is shaking up risk management. 78% of CISOs say AI will increase their team’s workload as they secure new models, bots, and automated systems.
Most are still writing the playbook as they go. Only 22% have a formal strategy to manage AI identities within zero-trust frameworks. Fifty-nine percent are developing one.
Despite the uncertainty, AI is viewed less as a monster under the bed and more as a new coworker — unpredictable but indispensable.
ONE MINUTE WATCH – Cyber Insurance News Podcast Advice for SMEs – Talk to the CISO
CISOs Regain Their Nerve
Last year, 77% of CISOs feared they could lose their jobs after a significant breach. That number has dropped to 55%. The data suggests growing confidence in defenses and leadership support.
Nearly all CISOs still expect attacks. But fewer see them as career-ending events. Their focus has shifted to resilience, response, and building lasting cyber programs.
The Broader Picture: Insurance as Infrastructure
Portnox’s findings underline how cyber liability insurance is evolving from paperwork to policy backbone. It now sits beside zero trust, passwordless authentication, and NAC as part of core infrastructure.
As breaches grow more complex and regulators demand transparency, insurers are tightening terms and pushing clients toward proactive security. The data shows CISOs are responding.
In cybersecurity’s volatile ecosystem, even partial stability is big news.
RELATED CYBER LIABILITY INSURANCE POSTS
