• One in three cyber-attacks now involve compromised employee accounts, driving insurers to focus on identity posture. • Password hygiene, privileged access management, and MFA coverage are key metrics insurers use to assess cyber risk. • Global average data breach cost hit $4.4M in 2025, prompting more firms to purchase cyber insurance. • Tightening underwriting in the UK has raised coverage from 37% to 45% between 2023 and 2025. • Strong identity controls limit single account compromise from escalating into widespread data loss, supporting sustainable underwriting. • Insurers demand password reuse elimination, legacy protocol removal, and MFA adoption to lower credential exposure risk.
Article Summaries:
- In 2026, cyber insurers are shifting their underwriting focus to identity posture, driven by the fact that one‑third of attacks now exploit compromised employee accounts. With global breach costs hitting $4.4 million in 2025 and UK coverage rising from 37 % to 45 % between 2023‑25, insurers are tightening requirements to curb rising claims. Key identity metrics-password hygiene, privileged access management, and MFA coverage-are now central to risk assessment. Firms that can demonstrate robust controls, such as eliminating password reuse, decommissioning dormant accounts, and enforcing MFA on privileged roles, are more likely to secure favorable insurance terms.
Sources: