A majority of organizations (80%) have had to use their cyber insurance, and more than 50% have used it more than once, according to a new analysis by Delinea.
The new analysis, “Cyber Insurance – If You Get It, Be Ready to Use It,” reveals that insurers are pulling back on covering what is most needed, with only about 30% of organizations saying their policy covers critical risks including ransomware, ransom negotiation, and decision on ransom payment.
The survey, conducted among 300 US-based IT decision makers by Censuswide, found that nearly 70% of organizations have applied for cyber insurance, with 93% being approved when they applied, and 65% claiming the process took less than three months.
While risk reduction is the main reason for applying (40%), one-third (33%) of respondents claimed that it was also due to requirements from executive management and boards of directors, and 25% cited recent ransomware incidents as a primary decision driver.
Given the pressure coming from the top, it’s therefore no surprise that 93% received the budget required to purchase their cyber insurance policies even as 75% of respondents said premiums increased in their last renewal.
Delinea CEO Art Gilliland said, “Executives and boards use cyber insurance to lower the costs associated with potential breaches. As a result, most organizations are scrambling to buy or renew a policy, even as the insurers pull back on what they will cover and simultaneously raise the price of coverage.”
The analysis found that insurers are increasingly requiring organizations to implement a broader set of security controls to try to reduce the number of customers making claims on their policies. With 80% of companies having used their insurance policies, more advanced solutions are expected to be needed.
Other main reasons cited for applying for cyber insurance were business contract requirements (24%) and recent data breaches (17%). The largest number of respondents (48%) indicated that their policy covers data recovery, while roughly a third indicated it covers incident response, regulatory fines and third-party damages.
To qualify for cyber insurance, a majority of respondents (51%) confirmed that cyber security awareness training was a requirement, with just under half (47%) stating they were required to have malware protection, antivirus software, multi-factor authentication (MFA), and backup data.