Delinea Research has published its 2023 State of Cyber Insurance Report, which reveals a growing gap between insurance carriers and organizations seeking robust coverage. The survey, conducted by Censuswide on behalf of Delinea, sought to identify shifting patterns since last year’s analysis. Insights from 300 US organizations highlighted an escalating trend: securing cyber insurance is increasingly challenging, with more firms requiring over six months for policies. This year’s findings demonstrate that companies making multiple claims surged to 47%, while 67% of respondents reported insurance premiums surging by 50–100% during application or renewal.
The survey also exposes a growing list of exclusions that could potentially render cyber insurance coverage null, encompassing factors such as inadequate security protocols (43%), human errors (38%), acts of war (33%) and non-adherence to compliance procedures (33%). Even organizations that succeed in procuring or renewing policies may face claim denials or reductions due to intricate policy stipulations.
The report recommends that businesses opt for insurers that include a risk assessment of the organization with the goal to remediate identified security weaknesses prior to quoting. A thorough process should include industry-specific evaluations such as the use and protection of an OT network in manufacturing or the volume of regulated records (PII, PHI or other) processed by the organizations in sectors such as healthcare or financial services.
The report also highlights the essential role of security controls given the prevalence of cyber-attacks stemming from compromised credentials. Approximately 51% of respondents indicate Identity and Access Management (IAM) controls as policy requisites, closely followed by 49% citing Privileged Access Management (PAM).
Joseph Carson, chief security scientist at Delinea said “The increasing list of exclusions and limitations means organizations must understand the fine print within the policies to ensure their claim would be approved. If organizations don’t follow the policy claim procedure, they could find themselves with certain incident or data breach costs that might not get covered as part of the claim, so it is critical to know the correct procedure before you need to use it in the middle of a cyber-attack.”