Cyber: Identity Cyber Scores: The New Metric Shaping Cyber Insurance In 2026

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.

For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are increasingly influential in how cyber risk and insurance costs are evaluated.

Understanding the identity-centric factors behind these assessments is critical for organizations seeking to demonstrate lower risk exposure and secure more favorable insurance terms.

With the global average cost of a data breach reaching $4.4 million in 2025, more organizations are turning to cyber insurance to manage financial exposure. In the UK, coverage has increased from 37% in 2023 to 45% in 2025, but rising claims volumes are prompting insurers to tighten underwriting requirements.

Credential compromise remains one of the most reliable ways for attackers to gain access, escalate privileges, and persist within an environment. For insurers, strong identity controls reduce the likelihood that a single compromised account can lead to widespread disruption or data loss, supporting more sustainable underwriting decisions.

Despite the growing use of multi-factor authentication and passwordless initiatives, passwords still play a key role in authentication. Organizations should pay particular attention to the behaviors and issues that increase the risk of credential theft and abuse, including:

From an underwriting perspective, evidence that an organization understands and actively manages these risks is often more important than the presence of individual technical controls. Regular audits of password hygiene and credential exposure help demonstrate maturity and intent to reduce identity-driven risk.

Privileged access management is a critical measure of an organization’s ability to prevent and mitigate breaches. Privileged accounts can have high-level access to systems and data, but are frequently over-permissioned. As a result, insurers pay close attention to how these accounts are governed.

Service accounts, cloud administrators, and delegated privileges outside central monitoring significantly elevate risk. This is especially true when they operate without MFA or logging.

Excessive membership in Domain Admin or Global Administrator roles and overlapping administrative scopes all suggest tha

Source: The Hacker News