A survey by cybersecurity specialist Sophos found that almost all companies (97 percent) with a cybersecurity policy invest in their defenses for insurance purposes. As a result, 76 percent of the organizations surveyed were actually able to qualify for coverage, 67 percent were able to get a better price, and 30 percent were able to get better insurance terms.
The study also shows that recovery costs from cyber attacks exceed insurance coverage. Only one percent of organizations that filed a claim said their insurance company fully covered the cost of the restoration. The most common reason for claims not being fully reimbursed was that the total amount exceeded the policy limit. According to the study, recovery costs following a ransomware incident have increased by half over the past year to an average of €2.55 million.
Best practice
“The Sophos Active Adversary report has repeatedly shown that many cyber incidents are caused by failure to implement basic cybersecurity best practices, such as timely patching,” said Chester Wisniewski, Global Field CTO at Sophos. “In our latest report, for example, compromised credentials were the leading cause of attacks, while 43 percent of organizations did not enable multi-factor authentication (MFA). The fact that 76 percent of organizations have invested in cyber defenses to qualify for cyber insurance, indicates that insurers are pushing organizations to implement a number of essential security measures.’
While cyber insurance is a plus for organizations, Wisniewski says it’s only one part of an effective risk reduction strategy. Organizations must continue to work to strengthen their defenses. A cyber attack can have significant consequences, regardless of whether organizations have cyber insurance or not.
Data from the 2024 Cyber Insurance and Cyber Defense: Lessons Learned IT and Cyber Security Executives report comes from a survey of five thousand cybersecurity/IT executives across the Americas, EMEA and Asia Pacific.
