News for today:
- Identity issues for customers equals issues for the business. New research from Descope confirms that subpar authentication methods and legacy systems for customer identity translates to negative business impacts. … 82% of survey respondents citing at least some negative business impact. Around 52% faced high costs related to auth support tickets, 37% delayed product launches due to identity-related development tasks, and 30% suffered user dropoffs due to complex onboarding. Descope
- Identity security controls central to cyber insurance coverage. Almost all cyber insurers have gone all-in on the importance of identity security controls when assessing insurance eligibility and pricing, per a new report from Delinea. Among the identity controls that matter most, respondents cited Privileged Access Management (PAM) as the top differentiator (41%) in how underwriters viewed their insurability, followed by Identity Governance and Administration (IGA) (38%), and third-party and vendor access controls (32%). Delinea
- … and AI adoption is pretty important, too. From the same report by Delinea, the use of AI in security controls is factoring heavily in insurance decisions. A significant 86% of respondents said their insurers offered premium reductions or credits for their use of AI in security controls. Among those whose overall cyber insurance costs decreased in the past year, 64% credited AI adoption as a key factor. The most cited premium influencer was AI-powered threat detection and monitoring (63%), followed closely by behavioral analytics and auditing (59%). Delinea
- CYE’s new AI capabilities. CYE introduced new AI capabilities for managing cyber exposures, with the intent of shrinking time-to-mitigate. CYE added at least five new capabilities, including AI security posture management: Combining tech and services by CYE’s nation-state–grade team, this program manages enterprises’ AI security posture across organizational AI risk, enterprises’ use of AI across the SDLC, as well as assessing the security posture of internally developed LLMs. CYE
- AegisAI on AI-powered spearphishing. AegisAI released a new report on how AI is impacting spearphishing, including significant growth in annual phishing volumes, use of compromised infrastructure, and more. AI-generated attacks eliminate every one of these red flags… They are contextually relevant, capable of referencing a recent company project, a colleague’s name, or a target’s recent post on LinkedIn. As AI-generated fakes become indistinguishable from legitimate communication, the effectiveness of user training will drop rapidly. We can no longer ask employees to be the shield when the arrows have become invisible. AegisAI
- Netskope and Microsoft. Netskope released new integrations between its security products and various Microsoft products, e.g., Netskope One and Microsoft Purview (for DLP) and Netskope CASB and Microsoft 365 Copilot. … administrators can connect their managed Microsoft 365 Copilot instance to Netskope’s CASB API to gain greater visibility and apply data-at-rest policies, helping businesses foster responsible AI adoption and ensure that sensitive information is not inadvertently shared, misused, or exposed through AI interactions. Netskope enables enterprises to enforce security via DLP and threat protection policies, receive near-real-time alerts, and monitor user activity— helping ensure safe and seamless Microsoft 365 Copilot rollout and adoption. Netskope