"With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are increasingly influential in how cyber risk and insurance costs are evaluated. Understanding the identity-centric factors behind these assessments is critical for organizations seeking to demonstrate lower risk exposure and secure more favorable insurance terms."
"With the global average cost of a data breach reaching $4.4 million in 2025, more organizations are turning to cyber insurance to manage financial exposure. In the UK, coverage has increased from 37% in 2023 to 45% in 2025, but rising claims volumes are prompting insurers to tighten underwriting requirements. Credential compromise remains one of the most reliable ways for attackers to gain access, escalate privileges, and persist within an environment."
"Despite the growing use of multi-factor authentication and passwordless initiatives, passwords still play a key role in authentication. Organizations should pay particular attention to the behaviors and issues that increase the risk of credential theft and abuse, including: Password reuse across identities, particularly among administrative or service accounts, increases the likelihood that one stolen credential leads to broader access. Legacy authentication protocols are still common in networks and frequently abused to harvest credentials."
One in three cyber-attacks involve compromised employee accounts, prompting insurers and regulators to emphasize identity posture in cyber risk assessments. Assessments remain opaque for many organizations, but factors such as password hygiene, privileged access management, and MFA coverage increasingly influence insurance evaluation. With average breach cost $4.4 million in 2025 and rising claims, insurers are tightening underwriting. Credential compromise enables attackers to access, escalate, and persist; strong identity controls reduce propagation and data loss risk. Insurers look for reduced password reuse, mitigation of legacy authentication abuse, and broad MFA coverage to lower perceived exposure.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]