What Asia Pacific organizations can learn from the US experience with cyber insurance

In a recent survey of around 300 IT security professionals from across the United States on matters related to cyber insurance, it was found that many firms that had leveraged the policy had also used it more than once.

The data showed that nearly 70% of respondents had applied for cyber insurance, with 93% having received approval, and 65% claiming the process took less than three months.

While risk reduction was the main reason for applying (40%), 33% of respondents claimed that it was also due to requirements from executive management and Boards of Directors, and 25% cited recent ransomware incidents as a primary decision driver.

Some 93% received the budget required to purchase the cyber insurance policies, and 75% of respondents indicated that premiums had increased in their last renewal.

Other findings

The main reasons cited for applying for cyber insurance were business contract requirements (24%) and recent data breaches (17%). The largest number of respondents (48%) indicated that their policy covered data recovery, while roughly a third indicated it covered incident response, regulatory fines and third-party damages.

To qualify for cyber insurance, 51% of confirmed that cybersecurity awareness training was a requirement, with 47% stating they were required to have malware protection, antivirus software, multi-factor authentication (MFA) and backup data.

When asked how they met insurers’ Privileged Access Management (PAM) requirements, a 43% of respondents indicated they had suitable existing solutions and a similar number indicated they had to acquire additional solutions.

Finally, data indicates that insurers of the respondents were pulling back on covering what was most needed, with 30% of respondents indicating their policy covered critical risks including ransomware, ransom negotiation, and decision on ransom payment.

According to Art Gilliland, CEO, Delinea, the company that commissioned the survey: “Insurers are increasingly requiring organizations to implement a broader set of security controls to try to reduce the number of customers leveraging their policies. With 80% of companies leveraging their insurance policies, it is expected that more advanced solutions are needed.”

The firm believes that Asia Pacific organizations and management boards can take cues from the US cyber insurance scenario and be “very clear that cyber insurance is a safety net to complement, not replace, a robust security strategy. Deploying modern security solutions not only minimizes risks and protects the business but also offers the best return on investment.”