Over the past 12 months, 62% of U.S. companies have filed a cyber insurance claim with more than 27% filing multiple claims within the same period.
This staggering statistic comes via identity security specialist Delinea, which reported that U.S. companies are increasingly adopting advanced technologies like AI to secure strong cyber insurance coverage and mitigate rising costs. Delinea President Rick Hanson believes that his company’s Cyber Insurance Report will be of particular interest to MSSPs as the grapple with the complexities of today’s cyber insurance landscape.
“As organizations aim to scale securely and minimize risks, MSSPs can play a pivotal role by offering managed services that incorporate AI-driven solutions, making it easier for businesses to present the necessary evidence to maintain or enhance insurance coverage,” Hanson told MSSP Alert. “The survey's insights present opportunities for MSSPs to support business resilience, while sparking conversations about how identity security solutions and partnerships can help organizations navigate the evolving cyber insurance landscape.”
Hanson emphasized that Delinea views cyber insurance and MSSPs as “complementary rather than competing forces” while playing a proactive role in preventing breaches.
“Companies that invest in MSSP services are often better equipped to prevent or mitigate cyber incidents, which can lower the likelihood of filing a claim and may even reduce insurance premiums” he said. “Delinea’s solutions help companies strengthen their defenses, which is essential for both insurance carriers and MSSPs to reduce overall risk exposure.”
Examining the Cost of Cyber Insurance
Hanson reminded that insurance rates are not uniform, based on a variety of factors.
“Your rate is based on your risk profile, which is influenced by factors such as your technology stack, security controls and historical risk,” he explained. “Demonstrating strong visibility and robust controls can help lower your risk profile and potentially reduce your insurance costs.”
Hanson believes that insurers are rapidly adapting to these changes.
“They are gaining a better understanding of individual organizational risks and maturing their practices annually to adjust premiums more accurately,” he said. “This dynamic approach helps ensure that the insurance industry stays aligned with the evolving threat landscape and continues to provide relevant risk assessments.”
Key Findings from the Report
As more businesses recognize the dangers of inadequate cybersecurity and the number of reported incidents and claims continues to rise, Delinea asserts that the year-over-year jump reflects both a genuine increase in claims and improved awareness and reporting of cyber risks.
“More companies now recognize cyber insurance as a crucial part of their risk management strategy, especially as compliance regulations and business continuity concerns become more prominent,” Hanson said. “In fact, 77% of companies with (cyber) insurance have previously filed a claim, and of the 62% who filed a claim in just the past 12 months, it shows that the frequency of incidents is increasing.”
However, the uptick in claims is not only due to more companies having coverage but also because the nature of cyberattacks has evolved. Hanson pointed to identity-related attacks, including privileged account compromises becoming more prevalent, caused 47% of attacks that lead to insurance claims.
“Attackers often don’t need to ‘break in’ anymore — they simply use stolen or purchased credentials to log in and exploit vulnerabilities,” Hanson said. “This increase in both attack volume and complexity, particularly through identity-related threats and third-party vulnerabilities, has contributed to the surge in claims.”
In short, says Hanson, while more organizations are securing cyber insurance, the growing sophistication and frequency of cyberattacks are also driving the rise in filed claims.
Other key findings focus on:
- Insurance Requirements for Identity Security. 41% of insurance companies require proof of least privilege access controls or authorization before granting a policy. Additionally, 95% of U.S. companies reported the necessity of investing in identity security solutions before obtaining cyber insurance. These findings underscore the growing demand for stringent identity security protocols to secure comprehensive coverage.
- AI Adoption for Lower Premiums. Half of U.S. companies are now leveraging AI-supported threat detection and monitoring solutions. advanced technologies are proving instrumental in reducing cyber insurance premiums, offering a strategic advantage to policyholders in an environment.
Top Industries for Cyber Insurance
Cyber insurance isn't legally required for all industries, although certain sectors — especially those handling sensitive data or facing strict regulatory oversight — are highly encouraged or required to carry cyber insurance as part of their risk management programs, according to Hanson.
Therefore, industries such as healthcare, financial services and critical infrastructure, which must comply with regulations like HIPAA and PCI DSS, are among the most likely to need coverage.
“These regulations may not mandate cyber insurance directly, but they emphasize data protection and quick recovery, which insurance helps ensure,” Hanson said.
Delinea’s study found that identity-related breaches, including attacks on privileged accounts, is also evident in industries where third-party vendors and contractors have access to IT systems, creating vulnerabilities that cybercriminals exploit. Notably, 27% of respondents reported filing claims due to issues related to their supply chain or third-party vendors.
Hanson noted that insurers now require businesses, particularly those in high-risk industries, to implement strict identity security controls — such as least privilege access and threat detection systems — to minimize the likelihood and impact of cyber incidents.
This survey was conducted on behalf of Delinea by Censuswide, who, in June 2024, surveyed 306 leaders with visibility into their organization’s cyber insurance application or renewal process.
