Only 30% of Cyber-Insurance Holders Say Ransomware is Covered
Cyber-insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.
The security vendor polled 300 US-based IT decision makers to compile its latest report, “Cyber-insurance: if you get it be ready to use it.”
Although 93% were approved for specialized cyber-insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments.
Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.
That may be because many organizations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.
As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.
Half (51%) of respondents said that security awareness training was a requirement, while 47% said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.
However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls, claimed Avishai Avivi, CISO at SafeBreach.
“Cyber-insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected,” he argued.
“They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we’re already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.”