WHITEPAPER

Identity Security is Critical to Obtaining and Maintaining Cyber Insurance

2024 Cyber Insurance Research Report

Executive Summary

Cyber insurance is a critical component of a cyber risk management program to ensure resilience and recovery. Now that having cyber insurance has become standard practice for organizations of all types, the focus has shifted to maintaining insurability even as risk factors change.

As cyber incidents have rattled the industry, insurers are engaging in detailed risk assessments, and it's increasingly difficult for cyber leaders to prove the value of their security program and get robust coverage. Organizations must provide relevant evidence to make sure their insurance continues and increases or adjusts as necessary. For complex, hybrid organizations with changing risk profiles, collecting accurate, up-to-date information can be incredibly cumbersome and time-consuming work.

In this research study of 300 decision-makers, we analyze how companies are addressing these challenges to obtain and maintain cyber insurance. In particular, we explore how organizations are adopting newer technologies like Artificial Intelligence to increase efficiency, scale quickly, and lower costs.

Key takeaways:

1. Gaps in identity security are the most common cause of cyber incidents that result in insurance claims. Identity and privilege compromises account for 47% of attacks that lead to insurance claims.
2. Insurance companies want evidence of identity security before granting a policy. Over 40% of insurance companies require least privilege access controls/authorization before granting a policy. Virtually all (95%) of U.S. companies had to invest in identity security solutions before obtaining a policy.
3. Although overall cyber insurance costs are increasing, AI is providing leverage for policyholders. Half of U.S. companies are using AI-supported threat detection and monitoring to reduce their cyber insurance premiums.

Read on to benchmark your own identity security practices and cyber insurance strategies. What you learn will help you prepare for your next cyber insurance assessment and identify innovative ways to reduce your effort and costs.

Key Finding 1
Gaps in identity security are the most common cause of cyber incidents that result in insurance claims.

The frequency of cyber insurance claims remains high.

Once companies have cyber insurance, they use it. The data shows that 77% of companies with insurance have previously filed a claim. This is consistent with the results of Delinea's 2023 survey, in which 79% of respondents said they had used cyber insurance in the past. In the last 12 months alone, 62% of companies filed a claim. It's been a particularly bad year for more than 27% of companies, who filed more than once during the previous 12-month period.

Figure 1 | Has your organization filed a cyber insurance claim in the past 12 months? Response options: Yes (net); Yes, more than once; Yes, once; No, not in the past 12 months, but have filed a claim previous to this; No, we have never filed a claim; Unsure/can't remember; Prefer not to say.

Attack techniques exploit identities and privileged accounts.

Taken together, two identity attack vectors, identity-related compromise and privileged account compromise, cause over 47% of attacks that lead to insurance claims.

Figure 2 | What caused the cyber incident related to the cyber insurance claim? Response options: Supply chain/third-party/vendor; Ransomware attack; Identity-related compromise; Privileged account compromise; Other, please specify.

These days, most cyber attackers don't need to break in; they simply log in. Identity-related attacks typically begin when an attacker uses valid credentials they have stolen or purchased. They may use those credentials to impersonate an authorized identity or utilize a privileged account so they can unlock access to protected resources. Depending on the level of access attached to that identity or privileged account, the attacker may be able to download malware, manipulate data, shut down systems, or more, all of which lead to a potential claim being filed with the insurer.

As part of the supply chain, third parties such as contractors, vendors, and partners often have access to sensitive data and IT systems. For example, IT operations teams often outsource tasks like troubleshooting, and engineering teams commonly scale using external developers. These users may access resources using a shared privileged account or an individual identity. Too often, these types of users operate without sufficient oversight, and access remains in place long after projects are complete, leaving vulnerabilities that bad actors will exploit, resulting in a potential payout for insurers.

Ransomware often gains a foothold through social engineering or phishing, encouraging users with local privileges to click on a link that downloads malware. Once they gain a foothold, an attacker can encrypt data and demand a ransom for the encryption key, or exfiltrate data and threaten to release it unless a ransom is paid.

Companies get cyber insurance coverage to support their compliance requirements and ensure business continuity.

We asked companies why they sought insurance coverage at the time they did. Triggers include compliance with regulatory requirements, directives from executive management or the Board of Directors, and reactions to recent cyberattacks, either within their industry or directly affecting their organization.

Respondents report that compliance/regulatory requirements are the #1 driver to get cyber insurance. The point here isn't that regulations such as PCI, HIPAA, and other compliance frameworks require that covered entities have cyber insurance. Neither is the point that cyber insurance is an effective strategy to pay for non-compliance fines, at least for most companies; the reality is that regulatory fines are the least common expense cyber insurance will pay for.

Figure 3 A | What were your main reasons for applying for cyber insurance, at the time you did? Response options: Compliance/regulatory requirements; We had a ransomware/cyberattack incident; Executive management/Board requirement; Partner/customer/third-party contract required it; Recent cyberattack in the industry; Our risk profile changed/rose above our risk threshold; Other.

More likely, companies that are governed by industry regulations face stringent non-compliance fines regarding data protection. Quick recovery and backup can help avoid fines and other costs associated with non-compliance following a data breach because they allow you to quickly recover and secure data. Cyber insurance focuses heavily on data recovery and backup services because they are essential for minimizing downtime and financial losses after a cyber incident. By covering these services, insurers support rapid recovery and business resilience, which benefits both the insured and the insurer.

Also consider that insurance is a risk management strategy, not a cybersecurity strategy. Many companies use compliance or cybersecurity frameworks like NIST to guide their security programs, even if they aren't covered entities. These frameworks call for evidence of security controls, as will insurance companies, because they are proven to reduce risk. If you put these controls in place, you'll be able to satisfy both regulators and insurance companies. Even if you're not bound by regulations that carry potential fines, you can't just skip this part and expect to pass your next audit or insurance assessment.

Figure 3 B | What would your cyber insurance policy pay for? Response options: Data recovery/backup; Ransomware negotiations & payment; Lost revenue; Additional security controls; Incident response services; Regulatory fines; Legal fees; Impact on partners and customers; Not sure; Other.
Key Finding 2
Insurance companies want evidence of identity security before granting a policy, with 41% requiring authorization controls.

Insurers require identity security controls, activities, and processes.

Now that they have more historical data pointing to the cause of cyberattacks, many insurance companies have requirements for policyholders to minimize the likelihood and impact of cyber incidents, reducing their potential payouts on claims.

Nearly all respondents have some form of identity security requirement mandated by their cyber insurance provider. Most of those who were surveyed say cyber insurance policies require multiple identity security controls. Insurers commonly require policyholders to establish controls related to authorization/least privilege access, followed closely by threat detection and response.

These controls align with industry best practices and regulatory requirements. Effective security controls not only help prevent incidents but also ensure that organizations can respond quickly and effectively, reducing downtime and financial losses. By requiring comprehensive security controls, insurers can better manage and predict potential losses, leading to more stable and predictable premiums for policyholders.

Figure 4 | What security controls, activities, and processes are required by your cyber insurance policy? Response options: Authorization/access controls (least privilege, policy/role-based access); Credential/password management; Identity Governance and Administration; Threat detection and incident response/resiliency plan; Secure remote/third-party controls; Application controls; Session management and monitoring (reporting, documentation, and audit trails); MFA (identity validation at multiple levels); No security controls, activities, and processes are required by our cyber insurance policy; Unsure; Other, please specify.

Required identity security controls defined

Access controls/authorization
Access controls authorize what systems and data an identity can access and what they can do with that access. Companies typically manage authorization through policies such as role-based access controls or attribute-based access controls. Least privilege best practices require that identities have only the permissions necessary to perform their job functions, only when they need them.

Multi-factor Authentication (MFA)
Multi-factor authentication validates human identities by requiring people to provide something they have (such as a code on a phone or fingerprint) or something they know (such as challenge questions). Best practices call for identity validation at every interaction that carries high risk, including initial log in and privilege elevation.

Session management and monitoring
Session management and continuous monitoring detect anomalies in identity activities and events, aiding in proactive incident prevention and rapid response. Audit trails allow you to identify patterns, useful for predicting risks and speeding post-event forensic analysis. In addition, granular reporting allows you to track improvements in your identity security posture, ensure accountability, and demonstrate evidence of controls to cyber insurance companies.

Secure remote/third-party controls
These controls allow remote employees and third parties to securely access the exact resources they need to complete their work, while still being closely monitored for ongoing oversight.

Threat detection and incident response
Effective threat detection and incident response are critical for cyber resilience and business continuity. Controls include mechanisms to detect threats and a structured response plan to proactively mitigate risks and contain and remediate incidents in progress. This includes redundancies to ensure minimal to no disruptions during an incident.

Credential/password management
Credentials include usernames, passwords, tokens, and other secrets that unlock access to your systems and data. Cyber attackers use methods such as credential stuffing and password cracking to steal credentials. They may also buy credentials from access brokers on the dark web. To prevent theft, credentials should be difficult to guess and always secured. You can store credentials in a military-grade encrypted vault. Ongoing credentials management, such as rotation and expiration, ensures credentials have limited lifespans.

Application controls
Application controls help you balance least privilege best practices and user productivity. Trusted applications are added to allow lists for automatic installation or execution, while known malicious applications (malware) are added to deny lists and blocked. Unknown applications can be sandboxed until they have been reviewed and approved.

Identity Governance and Administration (IGA)
IGA controls permissions for identities throughout their lifecycle, including when users join, move, or leave, and enables oversight of all the identities in your organization (human and machine), making it easy to demonstrate that oversight to auditors, cyber insurance companies, and compliance bodies.
The importance of identity security is echoed by security and cyber insurance experts

CJ Dietzman
Senior Vice President of Alliant Insurance Service

Myrna Soto
CEO of Apogee Executive Advisors and an expert in cybersecurity and risk management

“When I think about insurance carriers' and underwriters' expectations, identity security has become table stakes. The way cyber insurance companies measure risk is based on incidents, law, and claims. As we reverse engineer cyberattacks, oftentimes there were soft spots in identity management. You must have a good narrative of integrated controls and a holistic story on how you're mitigating unauthorized access risk and protecting identities.”

“The greater portion of cybersecurity incidents that have reached the level of a claim are root-caused back to harvesting a credential, compromising an insider, using a third party that had access to your systems, etc., so when organizations are being evaluated for renewals, these are the questions that are asked.”

The majority of companies surveyed had to invest in identity security solutions before obtaining or renewing their policy.

To satisfy the security requirements noted above, organizations say they can't simply present manual processes to potential insurance providers and expect to receive a policy. Instead, they needed to purchase identity security solutions as part of their security technology stack.

These results highlight organizations' diverse security needs and varying levels of preparedness regarding cybersecurity infrastructure.

Figure 5 | What additional tools did you have to purchase to obtain/renew your policy? Response options: Authorization/access controls (least privilege, policy/role-based access); Application controls; Secure remote/third-party controls; Threat detection and incident response/cyber resilience plan; Credential/password management; Identity Governance and Administration; Session management and monitoring (reporting, documentation, and audit trails); MFA (identity validation at multiple levels); We did not have to purchase any additional tools to obtain/renew our policy; Unsure/can't remember; Other.

Assessments evaluate security posture before policies are granted.

Reflecting the increasing maturity of the cyber insurance industry, insurers now require detailed assessments of security posture. Most respondents choose to conduct these assessments on their own. Others bring in a third-party risk assessment team to supplement their internal skillset and provide an unbiased view of a company's security posture.

Whether you conduct these assessments on your own or rely on a third party, expect that they will take skilled IT and security team members away from their day-to-day work and more strategic projects.

Figure 6 | What types of assessments did you have to do to obtain your cyber insurance policy? Response options: Internal IT/security team review; Insurance provider's security solution/appliance; External risk assessment team; Self-assessment questionnaire; Nothing; Other, please specify.

Requirements don't stop after policies are granted. You must maintain effective security controls if you expect claims to be paid.

Great news, you purchased identity security solutions, you demonstrated controls, and you passed your assessment. Your insurance policy has been granted!

However, the results of this survey show that if you don't keep those security controls in place and use them properly, you're likely to have an insurance claim denied. As respondents shared, you must make sure you're checking that security controls are applied to your changing organization, configured correctly, and working as expected.

Your security posture isn't "set it and forget it." Your risk is always changing as your IT environment becomes more complex and people join, change roles, and leave the organization. The truth is that enterprises don't always follow the policies they proudly share with an insurance provider on their application.

Figure 7 | In what situations, if any, would your cyber insurance coverage be void? Response options: Lack of security controls; Misconfiguration; Did not follow compliance procedures; Not reporting to insurance company first or within required time; Acts of war; Acts of terrorism; Human error: manual processes, lost cell/laptop; Internal bad actor; There are no such situations; Other.

Key Finding 3
Though overall cyber insurance costs are increasing, new technology like AI is reducing premiums.

Insurance costs continue to rise for many organizations.

Though more than half report an increase, a year-over-year comparison shows that the increase is slowing. Last year, 79% of companies said that insurance costs increased since their latest application or renewal.

Why the rise for some? Consider the total cost of resources it takes to complete insurance assessments, address gaps, and demonstrate evidence of effective cybersecurity in a modern, hybrid IT environment. Respondents point to IT complexity as a driving factor for rising costs. As the number of identities increases, more resources are required to accomplish these tasks. Complexity in the IT environment makes cyber insurance security assessments harder to complete, with disjointed audit and reporting solutions making it difficult to aggregate the details and measure risk.

Rising costs could mean that policyholders are requesting higher limits of coverage due to an increased risk profile. They recognize the business impact they'll need to shoulder if they experience a cyberattack and want to transfer that risk. Based on IT complexity and risk profile, insurance companies may be raising prices for all policyholders to ensure sufficient liquidity in case a number of claims come in at once.

Figure 8 | How, if in any way, have your cyber insurance costs changed since you applied or since you last renewed? Response options: They have increased; They have not changed; They have decreased; Unsure.

Figure 9 | Why did costs increase? Response options: Increased complexity in IT environment; Lack of security controls in place; I don't know why; Due to an increase in risk profile; Compromised privileged accounts; Too many stale/orphaned accounts; Other, please specify.

Cybersecurity solutions that quickly and comprehensively assess a complex IT environment and deliver risk-based reports you can share with insurance providers are effective means to lower your cyber insurance costs.

AI and security controls helped forward-looking companies decrease insurance rates.

Not everyone gets the same insurance rate. Your rate is determined based on how risky the insurance company views you: your risk profile. In the case of cyber insurance, your risk is influenced by factors such as your technology stack, security controls, and history. If you can demonstrate visibility and controls that make you a lower risk, you may be able to successfully lower your rates and, thus, your costs.

The survey results show that forward-thinking companies are reaping the benefits of AI to negotiate lower rates and, therefore, costs. The majority, however, still need to focus on adopting and implementing the foundations of strong identity security.

Figure 10 | Why did your insurance costs decrease? Response options: We negotiated a lower rate by implementing additional security capabilities; We negotiated a lower rate by leveraging AI capabilities; We negotiated a lower rate by leveraging more automation; Other; I don't know why.

Artificial Intelligence, especially for threat detection and monitoring, is effective to reduce cyber insurance premiums

Premiums, the amount of money a business pays to keep an insurance policy active, are determined by the type of insurance you get, your policy limits, and your deductible, among other factors. The more confident you are in your security posture and controls, the better you can select the right insurance for you and negotiate lower premiums.

Companies are adopting Artificial Intelligence (AI) to ensure cybersecurity solutions and policies are working as expected and to contain incidents in progress so that they can reduce the dwell time of threat agents and blast radius of attacks, which in turn may lower your risk profile.

Figure 11 | What AI capabilities, if any, are you adopting to reduce your cyber insurance premiums? Response options: Threat detection and monitoring; Behavioral analytics and AI-driven auditing; Contextual and adaptive MFA; None: AI is not impacting my cyber insurance; Unsure; Other.

Conclusion

While insurance is an essential tool for cyber resilience, you'll never be able to transfer all your risk. Cyber insurance needs to work in concert with robust, reasonable, defensible cyber security controls and processes.

In particular, insurance providers expect to see identity security policies and effective solutions before granting a policy. You'll need to share evidence of identity security controls in action and ensure you maintain these controls as your attack surface changes and your risk profile increases.

AI is helping organizations capture the knowledge of subject matter experts and act as “SOC assistant” to pinpoint identity-related threats faster, ultimately reducing dwell time, limiting the blast radius of an attack, and reducing risk. Based on the results of this survey, AI is poised to deliver even greater benefits as companies negotiate policies with insurance carriers.

As part of their risk assessments, underwriters are going to want to know how you're embedding AI in your digital transformation efforts, including product development, coding, development, QA testing, etc. You should also expect questions that scrutinize how your security team is using AI for things like identity management, authorization, detection, and response. Any AI-based controls must be easily explainable, so that your team, auditors, and insurance providers are confident in how they work to reduce risk.

Methodology

This online survey was conducted on behalf of Delinea by Censuswide, who, in June 2024, surveyed 306 leaders with visibility into their organization's cyber insurance application or renewal process. All respondents were presented with the same set of questions, and the answer options were randomized. Results were not weighted.

Breakdown of 306 respondents by counts (charts)
Roles: Finance; IT; Legal; Security/Risk; Compliance.
Industry: Architecture, Engineering & Building; Arts & Culture; Education; Finance; Healthcare; HR; IT & Telecoms; Legal; Manufacturing & Utilities; Retail, Catering & Leisure; Sales, Media & Marketing; Travel & Transport; Other.
Titles: Business Owner; C-suite; Director; Senior Manager; Manager; Other.
Company size: Over $10 Billion; $1 Billion-$10 Billion; $500 Million-$999.99 Million; $100 Million-$499.99 Million; $50 Million-$99.99 Million; $10 Million-$49.99 Million; Under $9.99 Million.

Related Resources

WEBINAR
The Future of Cyber Insurance: Navigating the Impact of AI on Policy Holders
Hear what cybersecurity and insurance experts say about evaluating policy language to make sure you understand your coverage, exclusions, and how your provider will support you should an incident occur.

WHITEPAPER
Insights into Enhanced Cybersecurity Insurance Requirements
This report aggregates questionnaires from leading insurance companies and highlights the common questions. Specifically, it examines increasingly stringent insurer requirements for identity security, including multi-factor authentication (MFA), password management, access control, privilege elevation, session management, least privilege, and zero trust policies.

PODCAST
Cyber Insurance Trends for Risk Management with Joe Carson of Delinea and Dara Gibson of Optiv
Learn how to have conversations about cyber insurance with your board.

Delinea CISR2024-WP-0824-EN

Delinea is a pioneer in securing identities through centralized authorization, making organizations more secure by seamlessly governing their interactions across the modern enterprise. Delinea allows organizations to apply context and intelligence throughout the identity lifecycle across cloud and traditional infrastructure, data, and SaaS applications to eliminate identity-related threats. With intelligent authorization, Delinea provides the only platform that enables you to discover all identities, assign appropriate access levels, detect irregularities, and immediately respond to identity threats in real-time. Delinea accelerates your teams' adoption by deploying in weeks, not months, and makes them more productive by requiring 90% fewer resources to manage than the nearest competitor. With a guaranteed 99.99% uptime, the Delinea Platform is the most reliable identity security solution available. Learn more about Delinea on LinkedIn, X, and YouTube.