Frisco, TX, September 26, 2023

Half of Organizations with Cyber Insurance Implemented Additional Security Measures to Qualify for the Policy or Reduce Its Cost

28% of organizations made changes in order to reduce their premium — and 22% had to improve their security posture to simply be eligible for the policy.

Netwrix, a cybersecurity vendor that makes data security easy, surveyed more than 1,600 IT and security professionals worldwide to reveal how their organizations reduce the financial impact of a data breach via a cyber insurance policy.

According to the survey, 44% of organizations are insured and 15% plan to purchase a policy within the next 12 months. Before being offered a policy, organizations typically need to go through a security audit by the prospective insurer.

The insurer’s audit will highlight security gaps in the IT ecosystem and provide recommendations on how to overcome them. In some cases, implementing additional security controls is mandatory to even qualify for a policy. In addition, some organizations choose to invest in more security measures because it reduces the cost of the insurance policy.
Dirk Schrader, VP of Security Research at Netwrix

We asked respondents what requirements they had to meet in order to qualify for a policy. The most requested measure was multifactor authentication (MFA), named by 63%, followed by patch management (55%) and regular security training for business users (47%). In addition, 38% said they had to meet requirements for identity and access management (IAM), while 36% revealed they had to implement privileged access management (PAM) controls. Indeed, according to Gartner®, “Insurers often require organizations to deploy a PAM tool, along with MFA for administrative access, to mitigate the risk of breaches and malware events.”*

When addressing the requirements or recommendations from an insurer, it is vital to assess the dependencies between the requested controls. For example, in order to require MFA for access to particular types of data, it is necessary to know where sensitive and regulated data resides, as well as to have control over user and administrative privileges.
Ilia Sotnikov, Security Strategist at Netwrix

To learn more about security trends, check out the complete 2023 Hybrid Security Trends Report.

*Gartner, Magic Quadrant for Privileged Access Management™, Felix Gaehtgens, James Hoover, Michael Kelley, Brian Guthrie, Abhyuday Data, 5 September 2023.

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

about netwrix corporation

Netwrix champions cybersecurity to ensure a brighter digital future for any organization. Netwrix's innovative solutions safeguard data, identities, and infrastructure reducing both the risk and impact of a breach for more than 13,500 organizations across 100+ countries. Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks.

For more information, visit

contact us

Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.

Media contact

Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170

Follow us