In espionage, as dramatized in the Mission Impossible movies, masks, and high-tech gadgets are often used to fool security systems into thinking someone is who they are not. In reality, if in a slightly less action-packed style, today’s cyber attackers are doing much the same—using stolen or fake identities to slip past digital defenses and access sensitive information. This game of deception is at the heart of modern cybersecurity challenges, making identity security a top priority for organizations and insurance providers.
Delinea’s “2024 Cyber Insurance Research Report” delves into this critical issue, revealing how companies are fortifying their defenses and meeting increasingly stringent insurance requirements through advanced technologies like Artificial Intelligence (AI).
What follows is our takeaway; you can get the whole report here.
Identity Security: A Key Focus for Cyber Insurance
A significant finding from the report is the critical role of identity security in cyber incidents leading to insurance claims. Nearly half (47%) of attacks that resulted in insurance claims were linked to identity and privilege compromises. These types of attacks often exploit weak or inadequately managed credentials, allowing attackers to gain unauthorized access to sensitive systems and data. Cyber attackers no longer need to break in—they log in using stolen or purchased credentials to impersonate legitimate users. This shift in attack strategy underscores the need for robust identity security measures.
Based on a survey of 306 decision-makers involved in their organization’s cyber insurance process, the report highlights that insurance companies require comprehensive evidence of identity security before granting a policy. Specifically, 41% of insurers demand proof of least privilege access controls (AKA need to know) and authorization, and virtually all (95%) U.S. companies had to invest in identity security solutions to obtain or renew their policies. This trend reflects the growing emphasis on identity security protocols as a prerequisite for obtaining comprehensive cyber insurance coverage.
“The frequency of claims tied to identity compromises underscores the ongoing gaps in many organizations’ security strategies,” said C.J. Dietzman, Senior Vice President at Allianz Insurance Service
High Frequency of Cyber Insurance Claims
The report reveals that cyber insurance claims remain frequent among organizations, with 62% of surveyed companies filing claims within the past 12 months. Alarmingly, over 27% of respondents reported filing multiple claims, reflecting the persistent and intensifying nature of cyber threats. The data aligns with previous trends observed in Delinea’s 2023 survey, where 79% of respondents indicated they had used their cyber insurance policies in the past. This high claim frequency illustrates the ongoing vulnerability of organizations to cyberattacks, particularly those targeting identity and privileged access.
AI Adoption for Reducing Cyber Insurance Premiums
As the report outlines, adopting advanced technologies such as AI plays a crucial role in reducing cyber insurance premiums. Half of the U.S. companies surveyed leverage AI-supported threat detection and monitoring solutions to gain a strategic advantage in an environment where overall insurance costs are rising. AI helps organizations enhance their security posture by enabling quicker identification and response to threats, thereby minimizing potential damage and reducing the likelihood of a claim.
AI also allows companies to demonstrate to insurers that they are proactively managing identity risks, which can lead to more favorable insurance terms. Delinea’s platform, for example, offers AI-driven solutions that deploy quickly, require fewer resources, and help organizations meet stringent insurance requirements, all while bolstering their overall risk management strategies.
Challenges in Meeting Insurance Requirements
The report details organizations’ increasing difficulty in maintaining insurability as risk factors evolve. Insurers are conducting more detailed risk assessments and demanding more evidence of robust cybersecurity practices, particularly in complex, hybrid organizations with changing risk profiles. Companies must constantly evaluate and improve their security controls to align with industry best practices and regulatory requirements.
Key security controls that insurers often require include least privilege access, multi-factor authentication (MFA), session management, credential management, and secure remote access controls. These measures help reduce the likelihood and impact of cyber incidents, thereby minimizing insurers’ potential payouts. However, maintaining these controls is challenging and often requires a significant investment in security infrastructure and technologies.
The Role of Compliance and Regulations
Compliance with regulatory requirements is a major driver for organizations seeking cyber insurance. The report finds that many companies apply for cyber insurance to comply with industry regulations and to meet directives from executive management or their board of directors. Insurers focus heavily on data recovery and backup services to ensure business continuity, helping organizations quickly recover from breaches and avoid regulatory fines associated with non-compliance.
While cyber insurance can cover various costs related to cyber incidents, such as data recovery, ransomware payments, and incident response, it is not a substitute for robust cybersecurity measures. Organizations must implement comprehensive security controls and processes to satisfy both regulators and insurance providers, and to remain insurable over the long term.
The Future of Cyber Insurance and Identity Security
Delinea’s report concludes that while cyber insurance is essential to a cyber risk management strategy, it must work in concert with robust identity security controls and processes. Organizations that prioritize identity security, invest in AI-driven solutions, and adopt industry best practices are better positioned to secure favorable insurance terms and maintain insurability in a rapidly evolving cyber threat landscape.
As the cyber insurance industry matures, underwriters will increasingly scrutinize how organizations use AI and other advanced technologies to manage identity-related risks. To remain insurable, companies must continually assess and adapt their security controls to meet evolving standards and demonstrate a proactive approach to cybersecurity.
Source: 2024 Cyber Insurance Research Report.
Other News: 2024 Trends in Identity Security: Report(Opens in a new browser tab)
Other News: Small Business Insurance Statistics 2024.