Cyber insurance insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost.

  • 1 year ago Posted in

Netwrix surveyed more than 1,600 IT and security professionals worldwide to reveal how their organisations reduce the financial impact of a data breach via a cyber insurance policy.

 

According to the survey, 44% of organisations are insured and 15% plan to purchase a policy within the next 12 months. Before being offered a policy, organisations typically need to go through a security audit by the prospective insurer.

“The insurer’s audit will highlight security gaps in the IT ecosystem and provide recommendations on how to overcome them. In some cases, implementing additional security controls is mandatory to even qualify for a policy. In addition, some organisations choose to invest in more security measures because it reduces the cost of the insurance policy,” says Dirk Schrader, VP of Security Research at Netwrix.

We asked respondents what requirements they had to meet in order to qualify for a policy. The most requested measure was multifactor authentication (MFA), named by 63%, followed by patch management (55%) and regular security training for business users (47%). In addition, 38% said they had to meet requirements for identity and access management (IAM), while 36% revealed they had to implement privileged access management (PAM) controls. Indeed, according to Gartner®,“Insurers often require organisations to deploy a PAM tool, along with MFA for administrative access, to mitigate the risk of breaches and malware events.”(1)

“When addressing the requirements or recommendations from an insurer, it is vital to assess the dependencies between the requested controls. For example, in order to require MFA for access to particular types of data, it is necessary to know where sensitive and regulated data resides, as well as to have control over user and administrative privileges,” says Ilia Sotnikov, Security Strategist at Netwrix.

Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...
ISACA research shows automating threat detection/response and endpoint security are the most...
Strategic partnership unifies AI-native endpoint security and next-generation firewall protection...
Advanced forms of social engineering are on the rise, though obvious gaps like weak passwords are...