UK cyber insurance premiums soar as identity controls tighten

Cyber insurance providers are increasingly basing policy terms and pricing on how robustly UK organisations secure their logins and manage access, new research from Delinea has found.

The study highlights a sharp rise in both premiums and claims, as well as shifting insurer expectations around cyber risk management and the adoption of artificial intelligence (AI) in security protocols.

Rising premiums

The cost of cyber insurance has increased by 70 per cent of UK organisations over the past year. These increases are often linked to stringent new requirements imposed by insurers, particularly concerning identity and access controls. Insurers are ramping up scrutiny during the renewal process, with nearly all organisations undergoing assessments and more than half required to implement an insurer's specified security solution or appliance.

The claims environment has also become more active. In the last 12 months, 72 per cent of UK organisations filed a cyber insurance claim, marking a notable uptick from the previous year's 62 per cent. Despite this, substantial gaps remain in many policies. Only 33 per cent of policies cover lost revenue due to cyber incidents, while just 45 per cent provide support for ransomware negotiations or payments.

Identity controls

97 per cent of respondents reported that identity-related controls directly affected their insurance premium or the terms of their coverage. Privileged Access Management (PAM) emerged as the primary differentiator for underwriters, cited by 41 per cent of respondents. This was followed by Identity Governance and Administration (IGA) at 38 per cent, and controls for third-party and vendor access at 32 per cent.

Nearly half of all reported cyber insurance claims were linked to incidents involving compromised privileged accounts or other identity-related failures, underlining the impact of such controls on both risk and insurability.

"Insurers are sending a clear message: organizations must demonstrate strong identity security maturity if they want affordable coverage, or any coverage at all," said Art Gilliland, CEO, Delinea. "We're seeing a rapid shift from cyber insurance being a financial backstop to an audit of an organization's identity and access posture. Identity-first security is more than just best practice. It's now an underwriting requirement, especially in the age of AI."

AI impact

The introduction and integration of AI in security controls is playing a significant role in the underwriting process. Eighty-six per cent of respondents said their insurers offered premium discounts or credits for incorporating AI into security defences. Among organisations that saw a drop in cyber insurance costs, 64 per cent credited AI adoption as a major factor.

AI-powered threat detection and monitoring was cited by 63 per cent of respondents as the most influential AI-related feature affecting premiums, closely followed by behavioural analytics and auditing at 59 per cent. However, the use of AI also brings new exclusions - with 42 per cent of organisations stating their policy specifically excludes liabilities associated with AI misuse.

Coverage conditions

Security controls are not just influencing pricing but also eligibility and the potential payout of claims. Nearly half (45 per cent) of respondents said their policy could be voided if they failed to meet required security control standards. This underscores the growing link between the adoption of insurer-mandated cyber defences and organisations' ability to both obtain and maintain active coverage.

Insurers have responded to the changing threat environment by demanding higher standards and more transparency, yet at the same time are offering incentives for organisations to deploy advanced technologies to reduce incident risk.