"Only 30% of Cyber-Insurance Holders Say Ransomware is Covered"

According to a news study by researchers at Delinea, cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants.  The researchers polled 300 US-based IT decision-makers for the study.  The researchers noted that although 93% of the organizations were approved for specialized cyber-insurance cover by their provider, just 30% said their policy covered "critical risks," including ransomware, ransom negotiations, and payments.  Around half (48%) of the participants said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines, and third-party damages.  The researchers stated that this may be because many organizations are regularly being breached and look to their providers for payouts, driving up costs for carriers.  The researchers noted that some 80% of those surveyed said they've had to call on their insurance, and half of the organizations have submitted claims multiple times.  As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they're allowed to sign up.  The researchers noted that half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA), and data backups.  However, the researchers noted that high-level checks might not be enough to protect insurers from surging losses, as they can't guarantee customers are properly deploying security controls.  

Infosecurity reports: "Only 30% of Cyber-Insurance Holders Say Ransomware is Covered"