Insurers Now Spotlighting Identity and Privilege Compromises

As cyber threats grow, insurers are increasingly focusing on identity and access management to mitigate risks

The surge in cyber attacks is reshaping the insurance landscape, with identity and privilege compromises emerging as a critical concern. According to a Delinea survey, 77% of companies with cyber insurance policies have filed at least one claim, and 62% made claims just last year.

This escalation in claims has prompted insurers to reevaluate their risk models, and a significant focus is now on identity security. 

Identity compromises driving policy changes

Insurers are increasingly concerned about how companies manage identity and access, with the report showing 47% of all claims linked to identity and privilege compromises. This shift reflects the growing vulnerability of user accounts and credentials in cyberattacks.

Recent insights from IBM's X-Force Threat Intelligence Index support this trend, showing that cybercriminals are focusing on exploiting valid accounts rather than hacking their way into systems. This approach is both efficient and harder to detect, making it a preferred tactic.

With compromised credentials now at the heart of many attacks, insurers are taking action. Delinea revealed 40% are mandating least privilege access controls and other identity-focused protocols before providing coverage. This isn’t just a recommendation—it's becoming a requirement. As insurers tighten their standards, businesses are being forced to strengthen their identity security measures or risk losing their policies.

The financial and operational burden of meeting these new insurance criteria is substantial. A massive 95% of American companies had to enhance their identity security protocols to secure or maintain coverage. This includes implementing multi-factor authentication (MFA), privileged access management, and identity governance solutions. While costly, these upgrades are essential as insurers focus on reducing risks tied to credential misuse.

The rise in identity-based cyberattacks underscores why insurers are placing such importance on identity and privilege management. Cybercriminals are increasingly targeting user credentials, with a 266% rise in infostealing malware observed by IBM in 2023. These malicious tools collect personal information such as emails, banking details, and social media credentials, giving attackers an easy way into corporate networks.

What’s particularly alarming is that breaches involving compromised credentials take, on average, 11 months to detect and resolve. This extended response time increases the financial and operational damage. The complexity of these incidents, where security teams must differentiate between legitimate and malicious user activity, adds significant pressure on companies and their insurers.

IBM’s X-Force report also notes that 70% of the attacks they responded to targeted critical infrastructure, with many incidents involving the use of valid user accounts. This highlights just how critical identity management has become, especially for high-value targets. In fact, 85% of these attacks could have been prevented with basic security practices such as MFA or least privilege principles. However, as simple as these measures may sound, they’re proving difficult for many organisations to implement effectively.

AI to the rescue for cyber insurance costs

Despite the rising costs of cyber insurance, AI offers a potential solution. More than half of the companies surveyed by Delinea have seen their premiums increase, but AI technology is helping offset some of this burden. Around 50% of companies are using AI-driven threat detection and surveillance tools to lower their premiums.

AI's real-time analysis capabilities are proving invaluable for insurers and businesses alike. By quickly identifying patterns and anomalies in vast amounts of data, AI can detect potential breaches and security gaps before they cause significant damage. This not only improves a company's security posture but also allows insurers to fine-tune their risk assessments and streamline claims processes.

For insurers, the ability to predict and prevent cyberattacks through AI technology could lead to a reduction in the frequency and cost of claims. AI is also playing a growing role in post-incident assessments, helping insurers and their clients identify how breaches occurred and what measures can be taken to prevent future incidents. This combination of proactive and reactive uses makes AI a powerful tool in the ongoing battle against cyber threats.

As cybercriminals continue to exploit weaknesses in identity management, insurers are making it clear that robust identity and access controls are non-negotiable. Businesses that fail to meet these new standards may find themselves facing higher premiums, or worse, unable to secure coverage at all. The future of cyber insurance will likely see even greater integration of AI tools to both improve security and manage the ever-growing complexities of cyber risk management.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand