New research from Delinea highlights the critical role of identity security in cyber insurance coverage.
The report, titled “Identity Security Controls Become Non-Negotiable for Coverage,” found that 97% of respondents said identity-related controls impacted their premiums or coverage terms. The report emphasised that robust identity security is now essential for obtaining favourable cyber insurance terms.
A survey of over 750 security leaders in the US and the UK revealed that identity security has become a major factor in cyber insurance assessments. According to Delinea’s report, identity controls now heavily influence both coverage eligibility and pricing, as insurers evaluate an organisation’s cyber risk management maturity.
Among the most critical controls, Privileged Access Management (PAM) ranked highest, cited by 41% of respondents as the top factor influencing underwriters’ perception of insurability. Identity Governance and Administration (IGA) followed at 38%, with third-party and vendor access controls at 32%. Notably, nearly half (46%) of organisations that filed claims reported that the incident triggering their claim was either identity-related or involved a privileged account compromise.
Delinea’s report also underscores the growing impact of AI adoption on the cyber insurance landscape, presenting both opportunities for risk reduction and new coverage challenges. A striking 86% of respondents said their insurers offered premium discounts or credits for implementing AI-driven security controls. Among organisations that saw overall cyber insurance costs decrease over the past year, 64% attributed the reduction to AI adoption.
The most influential AI applications for premiums were threat detection and monitoring (63%), followed by behavioural analytics and auditing (59%).
However, the report also warns of potential coverage gaps: 42% of respondents indicated that their policies specifically exclude AI misuse or liability.
“Insurers are sending a clear message: organisations must demonstrate strong identity security maturity if they want affordable coverage, or any coverage at all. We’re seeing a rapid shift from cyber insurance being a financial backstop to an audit of an organisation’s identity and access posture. Identity-first security is more than just best practice. It’s now an underwriting requirement, especially in the age of AI,” said Delinea CEO Art Gilliland said in a press release statement.
Additional key findings from the report include:
- Claims and premiums continue to climb: 72% of organisations filed a cyber insurance claim in the past year—a 10-point increase from 2024—while 70% said their insurance costs also rose.
- Insurer scrutiny intensifies: Nearly all respondents underwent security assessments to secure coverage, and more than half (51%) were required to adopt an insurer’s preferred security solution or appliance.
- Coverage gaps persist: Only 33% of policies cover lost revenue, and 45% cover ransomware negotiations or payment. Nearly half (45%) of respondents said their policy could be voided if required security controls were not in place.