A “significant gap” is emerging between insurance carriers and organizations scrambling to find affordable, comprehensive coverage, according to a new study from Delinea, a privileged access management provider.
Demand for cyber insurance has skyrocketed while insurance companies have tightened the reigns to reduce their exposure, the San Francisco-based company said. Indeed, in its newly released 2023 State of Cyber Insurance report, Delinea found that the time and effort to obtain cyber insurance is increasing significantly, with the number of companies requiring six months or more to get insured has ballooned from last year’s study.
The 2022 survey found only one organization that said it took longer than six months to obtain or renew cyber insurance. By comparison, this year more than 20 respondents indicated it took that long.
In addition, in this year’s study of 300 organizations, companies that used their cyber insurance more than once increased to 47%, while 67% of respondents noted that their insurance rates increased 50-100% upon application or renewal.
A Deeper Dive into the Report
Here are some more details from the report:
- Even if organizations are able to get or renew cyber insurance policies they can afford, their claim may get denied or reduced because of the fine print.
- 96% of organizations purchased at least one security solution before their application was approved.
- 81% received the budget they needed to get their desired cyber insurance policy.
- 36% of respondents said that it is now a requirement from Boards of Directors and executive management teams.
- About half of respondents reported that identity and access management (51%) and privileged access management (49%) controls are required by their cyber insurance policies.
- 50% purchased IAM solutions, 45% acquired a password vault, and 44% acquired PAM controls needed to secure their coverage.
Cyber insurers are “learning from their data and are now maturing,” said Joseph Carson, chief security scientist and advisory chief information security officer at Delinea. As he explained:
“In the early days of cyber insurance, they were just trying to address a huge demand, but now they realize they must reduce their own exposure to both avoidable and uncontrollable circumstances.
Our survey results find that most organizations are not approaching cyber insurance with the same diligence. They are simply looking to get covered. What they're not checking is whether the policy they had last year is what they need now, or if their policy changed at renewal.
This cyber insurance gap could put a lot of organizations in a tough place when a cybersecurity incident occurs, and they want to utilize this financial safety net, Delinea believes.
