Cyber insurance not only has become ubiquitous, but more than half of companies that have used their coverage have used it more than once. As a result, insurers are pulling back on covering what is most needed, with only about 30pc of businesses saying their policy covers critical risks including ransomware, ransom negotiation, and decision on ransom payment.
A survey of 300 US-based IT decision makers by Censuswide, found that nearly 70pc of businesses have applied for cyber insurance, with near all, 93pc being approved when they applied, and 65pc claiming the process took less than three months. While risk reduction is the main reason for applying (cited by 40pc), one-third (33pc) of respondents claimed that it was also due to requirements from executive management and boards of directors, and 25pc cited recent ransomware incidents as a primary decision driver. Given that pressure coming from the top, it’s no surprise that 93pc received the budget required to purchase their policies even as 75pc of respondents said premiums increased in their last renewal.
Art Gilliland, CEO of Delinea said: “Executives and boards use cyber insurance to lower the costs associated with potential breaches. As a result, most organisations are scrambling to buy or renew a policy, even as the insurers pull back on what they will cover and simultaneously raise the price of coverage. Our report shows that insurers are increasingly requiring organisations to implement a broader set of security controls to try to reduce the number of customers leveraging their policies. With 80% of companies leveraging their insurance policies, it is expected that more advanced solutions are needed.”
Other main reasons cited for applying for cyber insurance were business contract requirements (24pc) and recent data breaches (17pc). Near half of respondents (48pc) indicated that their policy covers data recovery, while roughly a third indicated it covers incident response, regulatory fines, and third-party damages.
To qualify for cyber insurance, about half of respondents (51pc) confirmed that cyber awareness training was a requirement, while just under half (47pc) stated they were required to have malware protection, anti-virus software, multi-factor authentication (MFA), and back-up data. When asked how they met insurers’ Privileged Access Management requirements, a similar percentage said they had suitable existing solutions (43pc) as those who had to acquire additional solutions (42pc). Delinea offers Privileged Access Management (PAM) products.
The company’s report, titled “Cyber Insurance – If You Get It, Be Ready to Use It,” is now available as a free download at delinea.com/resources.
