As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements that puts the onus on organizations to be more secure.
According to Netwrix’ 2023 Hybrid Security Trends Report, 59% of organizations either have a cyber insurance policy in place or plan to purchase one within 12 months.
Cyber insurers have spent the last few years learning what they don’t know about this new market. Today, cyber insurers are aware of the need for their insured organizations to have a proper security posture that includes a wide range of solutions.
Oftentimes, organizations don’t have all of the required security controls implemented, resulting in either higher premiums or denial of coverage. According to Netwrix, 28% needed to make changes to their security implementation to obtain a lower premium and 22% had to do so just to qualify for a policy at all.
In the report, there is mention of solutions impacting authentication and privileged access. But what’s interesting to note, when asked who poses the biggest risk to data security the number one answer was the organization’s own employees. Almost half (47%) of organizations had to implement regular security awareness training for their employees to qualify for a policy.
And it just makes sense; the number one initial attack vector is still phishing. Through continual training, organizations reduce the likelihood of a successful initial compromise that would lead to a full blown attack – something cyber insurers are wanting their insured organizations to avoid.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.