Is your cyber insurance policy built on what your company says it does, or what it can prove?

In this episode, I speak with Tristan Morris, CEO and co-founder of SplitSecure, and Dylan Hamilton, business development lead, about why the shift from static questionnaires to verifiable controls is reshaping cyber underwriting in 2025 and beyond.

We cover credential theft, privileged access, vendor risk, and why 91% of cyber insurance payouts in 2025 were ransomware-related, even though ransomware represents less than 10% of claims by volume.

If you are an underwriter, broker, CISO, CFO, or general counsel, this episode has direct implications for how you buy, write, and manage cyber risk.

In this episode:

Why questionnaires capture a snapshot, not the truth.

How attackers exploit MFA exceptions.

The three ways MFA gets bypassed in practice.

What verifiable proof of credential discipline looks like.

Why privileged access is the single biggest underwriting differentiator.

The vendor access question every underwriter should be asking.

Resources mentioned:

SplitSecure

Verizon Data Breach Report 2025

IBM Data Breach Report 2025

Delinea Cybersecurity Report 2025

Connect with the guests:

Tristan Morris on LinkedIn

Dylan Hamilton on LinkedIn

Chapters

00:00 The Evolving Landscape of Cyber Insurance

09:22 Understanding the Role of MFA and PAM

14:59 The Financial Impact of Cyber Attacks

21:41 Navigating Credential Management Challenges

25:08 The Future of Cybersecurity Practices

35:29 The Evolution of Cyber Insurance Regulations

38:00 Challenges in Rewarding Best Practices

40:28 The Gray Area of Negligence in Cyber Insurance

44:53 Vendor Risks and Third-Party Access

50:34 The Human Element in Cybersecurity

54:31 Future Trends in Cyber Insurance

59:33 Final Thoughts and Quickfire Questions