Identity security now vital for affordable cyber insurance cover

Identity security controls have become a key factor in determining whether organisations can secure or afford cyber insurance, according to new research released by Delinea. The findings show that 97% of organisations believe identity-related controls have directly influenced their insurance premiums or coverage terms in the past year.

Underwriting shift

Survey data from more than 750 security leaders based in the US and UK indicates that insurance underwriters are now focusing on identity and access management as primary indicators of an organisation's cyber risk maturity. Among the different security controls, Privileged Access Management (PAM) was named as the most influential by 41% of respondents, followed by Identity Governance and Administration (IGA) at 38%, and third-party or vendor access controls at 32%.

The report also notes that 46% of those who filed a claim did so due to incidents related to identity breaches or privileged account compromise. This underscores the increased scrutiny insurers are placing on how organisations manage and safeguard digital identities across systems.

Growing impact of AI

The rapid deployment of artificial intelligence is altering the insurance landscape. The report shows that 86% of survey respondents have been offered premium reductions or credits by insurers for integrating AI-driven security solutions. AI-powered threat detection and monitoring was cited by 63% as the most significant factor affecting premium costs, closely followed by behavioural analytics and auditing at 59%.

Despite these incentives, the survey reveals emerging coverage restrictions tied to new technologies. Some 42% of respondents said their policies now include specific exclusions for AI misuse or related liabilities.

Claim trends

The research recorded a rise in claim activity, with 72% of organisations reporting they had filed a cyber insurance claim during the last year - a 10 percentage point increase from the previous period. At the same time, 70% noted increased insurance costs year-on-year. The upward trend in claims and costs illustrates the changing risk environment and the resulting insurance market adjustments.

Demanding coverage

Insurers are intensifying their scrutiny of applicants' security arrangements. Nearly all respondents were required to undergo formal security assessments before being granted coverage, while 51% were mandated to adopt specific security solutions recommended by their insurer.

The findings highlight that identity security has become a prerequisite. According to the survey, only 33% of policies cover lost revenue, and just 45% include provisions for ransomware negotiation or payment. Approximately 45% of respondents acknowledged that failing to implement required controls, as specified by the insurer, could result in policy invalidation.

"Insurers are sending a clear message: organisations must demonstrate strong identity security maturity if they want affordable coverage, or any coverage at all," said Art Gilliland, CEO, Delinea. "We're seeing a rapid shift from cyber insurance being a financial backstop to an audit of an organisation's identity and access posture. Identity-first security is more than just best practice. It's now an underwriting requirement, especially in the age of AI."