The CAL Blog

Cybercriminals hit more than half of U.S. companies in 2024

Written by The CAL Team | Sep 25, 2024 5:04:26 PM

Author: Joe Toppe

Original article here.

 

More than half of U.S. companies filed a cyber claim in 2024, according to a recent report by Delinea.

The frequency of cyber insurance claims remains high, the data showed, with 62% filing a claim during the last 12 months and more than 27% filing multiple claims.

"When I think about insurance carriers' and underwriters' expectations, identity security has become table stakes," CJ Dietzman, senior vice president of Alliant Insurance Service, said in the report.

"The way cyber insurance companies measure risk is based on incidents, law, and claims," he added.  "As we reverse engineer cyberattacks, often-times there were soft spots in identity management. You must have a good narrative of integrated controls and a holistic story on how you're mitigating unauthorized access risk and protecting identities."

Key insights from the study include:

  • 77% of companies with insurance have previously filed a claim.
  • 41% of insurance companies require proof of least privilege access controls or authorization before granting a policy.
  • 95% of U.S. companies reported the necessity of investing in identity security solutions before obtaining cyber insurance. These findings underscore the growing demand for stringent identity security protocols to secure comprehensive coverage.
  • 79% of companies said that insurance costs increased since their latest application or renewal.
  • Half of U.S. companies now leverage AI-supported threat detection and monitoring solutions. These advanced technologies are proving instrumental in reducing cyber insurance premiums, offering a strategic advantage to policyholders in an environment where overall insurance costs are on the rise.

"The frequency of claims tied to identity compromises underscores the ongoing gaps in many organizations' security strategies," Dietzman said. "Insurers now require clear evidence that identity risks are being proactively managed."