SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Delinea - 80% of US companies have had to use cyber insurance
Fri, 25th Nov 2022
FYI, this story is more than a year old

A new report from Delinea has revealed that nearly 80% of U.S. companies have had to use their cyber insurance, though often not covering what is needed.

Delinea says this should come as a warning to APAC organisations, who should examine the U.S. experience to avoid similar issues.

Survey elements were conducted among 300 US-based IT decision-makers by Censuswide.

The report found that more than half of companies that have leveraged their coverage have used it more than once. Delinea says that, as a result, insurers are pulling back on covering what is most needed, with only about 30% of organisations saying their policy covers critical risks, including ransomware, ransom negotiation, and decision on ransom payment.

Wahab Yusoff, Vice President, Asia Pacific & Japan, Delinea, says that businesses should not underestimate the importance of cyber insurance but, at the same time, should make sure it doesn't replace security strategies.

"Asia Pacific, Australian and New Zealand organisations and Boards should examine the U.S. experience to avoid similar issues," he says.

"Organisations should be very clear that cyber insurance is a safety net to complement, not replace, a robust security strategy. Deploying modern security solutions not only minimises risks and protects the business but also offers the best return on investment."

Other key results dissected the state of approvals and timings when it came to cyber insurance. 70% of organisations were found to have applied for cyber insurance, with 93% being approved when they applied and 65% claiming the process took less than three months.

While risk reduction was the main reason for applying (40%), one-third (33%) of respondents claimed that it was also due to requirements from executive management and Boards of Directors, and 25% cited recent ransomware incidents as a primary decision driver. 

In line with increased pressure coming from the top, it was no surprise that 93% of teams received the budget required to purchase their cyber insurance policies, even as 75% of respondents said premiums increased in their last renewal.

"Executives and Boards use cyber insurance to lower the costs associated with potential breaches. As a result, most organisations are scrambling to buy or renew a policy, even as the insurers pull back on what they will cover and simultaneously raise the price of coverage," says Art Gilliland, CEO of Delinea. 

"Our report shows that insurers are increasingly requiring organisations to implement a broader set of security controls to try to reduce the number of customers leveraging their policies. With 80% of companies leveraging their insurance policies, it is expected that more advanced solutions are needed."

Other main reasons cited in the report for applying for cyber insurance were business contract requirements (24%) and recent data breaches (17%). 

The largest number of respondents (48%) indicated that their policy covers data recovery, while roughly a third indicated it covers incident response, regulatory fines and third-party damages.

When asked how they met insurers' Privileged Access Management requirements, only 43% said they had suitable existing solutions, and 42% said they were looking to acquire additional solutions (42%).

"Privileged Access Management solutions can help limit the organisations exposure to risks such as ransomware, and simultaneously keep the potential payout to a minimum if covered by cyber insurance," says Gilliland.