Identity security failures may account for almost half of cyber-insurance claims, research by Delinea has suggested.
Privileged access management (PAM) vendor Delinea reported that 47% of cyber-insurance claims related to incidents compromising identities or account privileges. The statistic is based on its 2024 State of Cyber Insurance Research Report.
“Gaps in identity security are the most common cause of cyber incidents that result in insurance claims,” the vendor said. “The data shows that 77% of companies with insurance have previously filed a claim.”
Therefore, cyber-insurance has become essential. It operates as part of a cyber risk management programme that supports resilience and recovery, Delinea said.
“In the last 12 months alone, 62% of companies filed a claim. [Additionally] it has been a particularly bad year for more than 27% of companies that filed more than once during the previous 12-month period,” it added.
At the same time, insurance companies want evidence of identity security before granting a policy. For 40% of insurance companies, this includes least-privilege access controls and authorisation, the vendor said.
“Least privilege” refers to the practice of granting access or authorisation only to users who really need the capability.
“Nearly all respondents have some form of identity security requirement mandated by their cyber insurance provider. Most of those surveyed say cyber-insurance policies require multiple identity security controls,” the report said.
What you may need to get cyber-insurance
Controls must align with industry best practice and regulatory requirements. They should not only help prevent incidents but also help organisations respond quickly and effectively to incidents that do occur.
Insurers want more comprehensive security controls because they help them manage and predict losses, Delinea pointed out.
“Insurers are engaging in detailed risk assessments, and it’s increasingly difficult for cyber leaders to prove the value of their security programme and get robust coverage,” it said.
Organisations may need multiple security controls, from access defences to session management and monitoring. Multi-factor authentication (MFA) is often required, as are secure remote and third-party controls.
In addition, threat detection and incident response, enhanced credential and password management, application controls, and fuller identity governance and administration (IGA) can be needed, Delinea said.
In 2023, Delinea debuted its Delinea Platform, a cloud-native PAM platform aimed at covering cybersecurity requirements from privilege controls to remote access and visibility. It also introduced a combination of user-activity recognition and AI learning to monitor privileged session recordings.
Last year Delinea also gained a US patent for delegated machine credentials. This capability streamlines privilege controls by delegating entitlements of a specific machine to the workloads running on it, the vendor said.