The Delinea report, titled “Identity Security Controls Become Non-Negotiable for Coverage,” highlights a significant shift in the cyber insurance landscape, revealing that identity security controls are now pivotal in determining coverage terms and premiums.
Among the findings, Privileged Access Management (PAM) emerged as the most critical factor, with 41% of respondents indicating it significantly impacts underwriters' assessments. This is particularly relevant given that nearly half of the claims filed over the past year were linked to identity-related incidents, often resulting from compromised privileged accounts.
Among surveyed respondents in the US and UK, With 97% of organisations acknowledging that identity-related controls influence their insurability,
Art Gilliland, CEO of Delinea, stated, “Insurers are sending a clear message: organisations must demonstrate strong identity security maturity if they want affordable coverage, or any coverage at all.” This reflects a notable shift in focus from viewing cyber insurance as a mere financial backstop to an in-depth evaluation of an organisation’s identity management practices.
The report also highlights the influence of AI on the insurance landscape. While 86% of respondents reported that their insurers offer premium reductions for utilising AI in security practices, the technology also introduces complexities. Notably, 42% of surveyed organisations mentioned that their policies specifically exclude liabilities arising from AI misuse. This duality poses both opportunities and challenges, necessitating organisations to carefully manage their AI tools to avoid coverage gaps.
Moreover, the report reveals that 72% of organisations filed at least one cyber insurance claim in the past year—a troubling trend that underscores rising cyber risks. As claims and premiums increase, insurers are intensifying their scrutiny. More than half of the organisations surveyed stated they were required to adopt preferred security solutions from insurers to secure coverage.
Despite the heightened focus on identity security, significant coverage gaps persist. Only 33% of policies account for lost revenue, and 45% cover ransomware negotiations or payments. Alarmingly, almost half of respondents indicated their policy could be voided if essential security controls were not implemented.
FOr CISOs and heads of security in Southeast Asia and Hong Kong, what must they prioritise to maintain affordable and comprehensive coverage?
As Southeast Asian governments and businesses continue to embrace digital transformation, understanding these trends is crucial for adapting strategies around cyber insurance. Companies must leverage effective identity security measures and AI responsibly to enhance their insurability in an increasingly rigorous underwriting environment.
