A majority of organisations (80%) have had to use their cyber insurance and more than 50% have used it more than once, according to a new analysis by Delinea.
The new analysis, Cyber Insurance – If You Get It, Be Ready to Use It, revealed that insurers are pulling back on covering what is most needed, with only about 30% of organisations saying their policy covers critical risks including ransomware, ransom negotiation, and decision on ransom payment.
The survey, conducted among 300 US-based IT decision makers by Censuswide, found that nearly 70% of organisations have applied for cyber insurance, with 93% being approved when they applied, and 65% claiming the process took less than three months.
While risk reduction is the main reason for applying (40%), one-third (33%) of respondents claimed that it was also due to requirements from executive management and boards of directors, and 25% cited recent ransomware incidents as a primary decision driver.
Given the pressure coming from the top, it’s therefore no surprise that 93% received the budget required to purchase their cyber insurance policies even as 75% of respondents said premiums increased in their last renewal.
The analysis found that insurers are increasingly requiring organisations to implement a broader set of security controls to try to reduce the number of customers leveraging their policies. With 80% of companies leveraging their insurance policies, it is expected that more advanced solutions are needed.
Other main reasons cited for applying for cyber insurance were business contract requirements (24%) and recent data breaches (17%). The largest number of respondents (48%) indicated that their policy covers data recovery, while roughly a third indicated it covers incident response, regulatory fines and third-party damages.
To qualify for cyber insurance, a majority of respondents (51%) confirmed that cyber security awareness training was a requirement, with just under half (47%) stating they were required to have malware protection, antivirus software, multi-factor authentication and backup data. M