The proliferation of cyberattacks in 2020 and 2021 were a shock to the cyber insurance industry. Claims frequency and severity skyrocketed, and losses often far exceeded actuarial limits.
Demand for cyber insurance continues to increase as more companies try to offset their risk. Meanwhile, insurers are recoiling from overexposure; it’s been widely reported that carriers are raising rates and requirements.
In this environment of uncertainty and change, Delinea wanted to understand the real-life experiences of companies which have obtained and used cyber insurance. We surveyed over 300 IT security professionals from across the United States to see what types of challenges they’ve experienced, and how they’ve put their cyber insurance to use.
Among the findings, three key takeaways stood out.
- What the Board wants, the Board gets.
Cyber insurance has become ubiquitous, driven by requirements from the Board of Directors. Almost 70% are currently investing in insurance, with 93% receiving it when they apply.
- Your policy will get a workout, but it may not cover what you need
Almost 80% of respondents have used their cyber insurance policy. Half of those have used it multiple times. But the devil is in the details. Over 50% of survey respondents say their policies don’t cover costs related to data recovery, ransomware, and more.
- Policy requirements try but fail to prevent attacks.
To contain risk, insurers are mandating that policy holders have core security tools and practices in place. So, why are nearly 80% of companies still experiencing cyber events that require insurance? Clearly, checking the policy requirements boxes isn’t enough to keep organizations safe.
This article is posted at delinea.com
Please fill out the form to access the content
