Delinea’s 2023 State of Cyber Insurance Report highlights a growing disconnect between insurance carriers and organizations seeking comprehensive coverage [1] [2] [3]. Based on a survey of over 300 organizations in the US [2] [4], the report reveals the challenges faced by companies in obtaining cyber insurance and the importance of insurers conducting risk assessments and evaluating industry-specific vulnerabilities.
Description
The report shows that obtaining cyber insurance is increasingly challenging, with many companies now requiring six months or longer to secure policies. It also notes a rise in the number of organizations making multiple claims and experiencing significant rate increases of 50-100% during application or renewal. To address these challenges, the report emphasizes the need for insurers to conduct risk assessments and evaluate industry-specific vulnerabilities [3]. It also identifies a list of exclusions that could nullify coverage [1] [2] [3], such as inadequate security protocols [4], human errors [1] [2] [3] [4], acts of war [1] [2] [3] [4], and non-compliance with procedures [1] [3] [4]. Therefore, organizations must carefully review policy stipulations to ensure their claims are approved [3].
Despite these challenges [1] [3], a majority of organizations have invested in security solutions and secured budgets for cyber insurance coverage [3]. The study highlights the crucial role of security controls [3], specifically Identity and Access Management (IAM) and Privileged Access Management (PAM) [2] [3], which are cited as essential policy requisites. Many organizations are aligning their budgets to invest in IAM solutions [3], password vaults [3], and PAM controls to strengthen their coverage [3]. The report advises organizations to approach cyber insurance with diligence and ensure their policies meet their current needs [1]. It also emphasizes that access control solutions and other essential security controls should be implemented before seeking or renewing cyber insurance, as they are often required by policies.
Conclusion
The challenges highlighted in the report have significant implications for organizations seeking comprehensive cyber insurance coverage. The increasing difficulty in obtaining policies and the rise in multiple claims and rate increases underscore the need for insurers to conduct thorough risk assessments and evaluate industry-specific vulnerabilities. Organizations must carefully review policy stipulations to ensure their claims are approved [3]. The study also emphasizes the importance of investing in security solutions, specifically IAM and PAM, to strengthen coverage [3]. Moving forward, organizations should approach cyber insurance with diligence and ensure their policies align with their current needs [1]. Implementing access control solutions and other essential security controls before seeking or renewing cyber insurance is crucial to meeting policy requirements.
References
[1] https://www.vigilance-securitymagazine.com/news/top-categories/case-studies/11671-delinea-research-reveals-a-cyber-insurance-gap-as-providers-evolve-to-reduce-their-exposure-while-organisations-ignore-the-fine-print
[2] https://vmblog.com/archive/2023/08/29/delinea-research-reveals-a-cyber-insurance-gap-as-providers-evolve-to-reduce-their-exposure-while-organizations-ignore-the-fine-print.aspx
[3] https://www.infosecurity-magazine.com/news/growing-disparity-cyber-insurance/
[4] https://www.investorsobserver.com/news/qm-pr/8179617697196715
