Netwrix: 30% of organizations with cyber insurance changed practices to meet policy requirements

Netwrix, a vendor that delivers effective and accessible cybersecurity to any organization, conducted a global survey of 1,309 IT and security professionals and analyzed the collected data in its annual 2024 Hybrid Security Trends Report.

The survey reveals that almost half (48%) of organizations with a cyber insurance policy had to enhance their security posture to meet the insurer's requirements. Among those, 30% made changes simply to be eligible for the policy compared to 22% a year ago. 18% of respondents say they implemented additional security measures in order to reduce the cost of a policy, down from 28% in 2023. What's more, almost 1 in 5 (19%) insured organizations used their cyber insurance policy within the last 12 months.

The most common security measure required by insurers in 2024 is multi-factor authentication, named by 75% of respondents (up from 65% in 2023), followed by patch management (55%) and regular cybersecurity training for employees (49%). Moreover, insurance companies are now more likely to require advanced security solutions. Indeed, in 2024, 45% of respondents named IAM among the requested security measures in place, up from 38% in 2023, and 42% said the same about PAM compared to 36% in 2023.

"One thing insurance providers understand well is risk management. They know that, sooner or later, adversaries with enough motivation and resources will infiltrate an IT environment," says Ilia Sotnikov, Security Strategist at Netwrix. "PAM makes it harder for attackers to move laterally through the environment and escalate their privileges, and it ensures they will create more noise along the way. All this gives the security team the opportunity to detect and respond to attacks in time to prevent significant losses. And minimizing the loss (e.g., the payout request) is exactly what insurance providers are looking for."