TL;DR: Cyber insurance is expanding because high-profile breaches and rising loss totals have made breach coverage a board-level concern, but underwriters still struggle to price risk from incomplete incident data and hard-to-quantify reputational harm, according to SentinelOne. The real issue is not insurance availability, but the absence of reliable security metrics that connect control posture to loss outcome.
NHIMG editorial — based on content published by SentinelOne: cyber insurance, breach losses, and the underwriting challenge
By the numbers:
- A Forbes Insight report showed 46% of companies suffered damage to their reputations and brand value as a result of a cyber breach.
Questions worth separating out
Q: What makes cyber insurance difficult to price for security teams?
A: Cyber insurance is difficult to price because breach frequency, loss severity, and disclosure quality vary widely across organisations.
Q: Why do identity controls affect cyber insurance terms?
A: Identity controls affect insurance terms because access records help prove what was exposed, how far an attacker could move, and whether the organisation can contain loss quickly.
Q: What do security teams get wrong about breach cost?
A: Teams often focus on technical recovery alone, but breach cost also includes legal fees, notification, call centres, customer compensation, reputation damage, and lost sales.
Practitioner guidance
- Map insured loss scenarios to identity control evidence Document which access logs, privilege records, rotation history, and offboarding events would be needed to reconstruct a breach for underwriting and claims.
- Reduce standing privilege across human and non-human identities Review service accounts, API keys, tokens, and admin accounts for persistent access that can inflate both breach scope and insurer uncertainty.
- Align incident telemetry with insurance questionnaires Make sure audit logs, identity lifecycle records, and privileged access reviews can answer the same questions insurers ask about control maturity and loss containment.
What's in the full article
SentinelOne's full article covers the operational detail this post intentionally leaves for the source:
- How the article breaks down insurance market pressure across premium growth, underwriting scrutiny, and supply constraints.
- The Target breach cost breakdown, including the split between covered and uncovered losses.
- The discussion of insurer audits, policy exclusions, and why some fraud or espionage scenarios fall outside coverage.
- SentinelOne's endpoint protection positioning and how it ties attack prevention to claims avoidance.
👉 Read SentinelOne's analysis of cyber insurance, breach losses, and underwriting pressure →
Cyber insurance and breach loss modelling: what security teams miss?
Explore further
Breach cost modelling is increasingly an identity governance problem. The article focuses on insurance economics, but the underlying issue is whether organisations can prove who or what had access, when, and under what control. That is especially relevant where NHIs, service accounts, and delegated credentials create ambiguous access paths that are hard to measure after an incident. Practitioners should treat identity evidence as part of loss modelling, not only part of authentication hygiene.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when privileged access failures affect a cyber insurance claim?
A: Accountability usually sits with whoever owns access governance, security operations, and the system that granted or retained the privilege. In practice that often spans IAM, PAM, platform teams, and business owners. If no one can produce evidence quickly, the organisation inherits both operational and financial exposure.
👉 Read our full editorial: Cyber insurance pricing shows why breach loss is still hard to model