Cyber insurance providers increase scrutiny on enterprise risk, report finds
Home/CyberSecurity / Cyber insurance providers increase scrutiny on enterprise risk, report finds
Cyber insurance providers increase scrutiny on enterprise risk, report finds

Dive Brief:

  • Organizations are facing more obstacles obtaining or renewing cyber insurance coverage,  according to a survey of 300 organizations conducted by Censuswide, on behalf of Delinea. Organizations also face strict requirements to get a claim covered.
  • The majority of organizations, 4 in 5,  said their insurance rates went up when they submitted a new application or applied for policy renewals, with two-thirds reporting premium hikes of between 50% and 100%. 
  • It is also taking organizations longer to obtain new coverage. The process for 20 of those surveyed, roughly 7%, took six months or longer.

Dive Insight:

Insurance carriers have added reasons to exclude claims, including lack of security protocols, human error, acts of war and failure to follow proper compliance procedures. 

The report comes at an important time for the cyber insurance industry. Following several years of rapidly increasing premiums and instability, the market for cyber coverage has begun to stabilize as new companies enter the industry and demand has increased from a wider pool of potential customers. 

Cyber insurers have matured over the past year, gaining significant insights into what factors lead to successful attacks, according to Joseph Carson, chief security scientist and advisory CISO at Delinia. 

“This means they are getting more vigorous on their security requirements and risk assessments to ensure that businesses are taking the right steps to protect [themselves] from cyberattacks,” Carson said. 

Insurers are increasingly asking for standard compliance information found in protocols like PCI or ISO 27001, according to Carson. For example, carriers want to know if policyholders have implemented multifactor authentication, whether employee training has been implemented, and if the company has a data backup and recovery strategy. 



Source link