Insurance companies and regulators are giving identity posture much more weight when evaluating cyber risk since one in three cyberattacks now involve compromised employee accounts. However, these evaluations continue to be mainly unknown to many organizations. When assessing cyber risk and insurance costs, factors like password hygiene, privileged access management, and the degree of multi-factor authentication (MFA) coverage are becoming more and more important.

Organizations looking to show reduced risk exposure and obtain better insurance terms must comprehend the identity-centric considerations underlying these evaluations. ## Why underwriting is now driven by identity posture More businesses are using cyber insurance to control their financial risk as the average cost of a data breach worldwide is expected to reach $4.4 million in 2025.

For this reason, MFA is becoming more and more necessary for all privileged accounts, email, and remote access, according to insurers. Companies that disregard it might have to pay more for insurance. ## Four actions to raise your identity cyber score Organizations can enhance identity security in a variety of ways, but insurers seek proof of advancement in a few crucial areas: Organizations are under growing pressure from insurers to show that identity controls are in place and that they are continuously being reviewed and enhanced.

This is supported by Specops Password Auditor, which offers transparent insight into Active Directory password exposure and implements controls that lower credential-based risk.

Speak with a Specops specialist or request a live demo to learn how these controls can be implemented in your setting and in line with insurer requirements.