Most Firms Neglect Identity Recovery Drills

The rapid growth of non-human identities, which now outnumber human employees by an estimated 82-to-1 ratio, has created a massive, often unmonitored, attack surface. Security leaders find these machine identities—such as those for apps, service accounts, and APIs—the most difficult to secure, cited by 51% of professionals as their top challenge. An attack on a core identity system like Active Directory can bring a business to a complete standstill, blocking access to critical applications and data. The financial fallout from such an outage can be severe, with potential losses reaching up to $730,000 per hour due to halted operations, lost revenue, and recovery expenses. Cyber insurance underwriters are now heavily scrutinizing identity security practices, making robust controls a prerequisite for coverage. A recent survey found that 97% of organizations report that their identity security posture directly influences their insurance premiums or coverage terms. Insurers are moving beyond simple questionnaires and are requiring specific, verifiable controls. Underwriting applications now frequently demand evidence of multi-factor authentication (MFA), privileged access management (PAM) for critical accounts, and documented incident response plans for identity-related breaches. A failure to meet these stringent identity management standards can lead to higher premiums, reduced coverage limits, or even outright denial of a policy. For nearly half of organizations, a claim could even be voided if the required security controls were not properly in place at the time of an incident. The claims data reveals a clear trend: identity-based attacks are a major driver of loss. Nearly half (46%) of all cyber insurance claims filed are attributed to incidents involving compromised user or privileged accounts, reinforcing why insurers now view identity security as a non-negotiable underwriting requirement.