Sophos released findings from its survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.” The survey report shows that 97% of those with a cyber policy invested in enhancing their defenses to help with insurance, with 76% saying it enabled them to qualify for cyber insurance, 67% to get better pricing, and 30% to secure enhanced policy terms.
The survey indicated that expenses related to recovering from cyberattacks are increasing more rapidly than the coverage provided by insurance. Merely one percent of individuals who filed a claim reported that their insurer covered the entire cost of addressing the incident.
Chester Wisniewski, director, global Field CTO, said, “The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled.
“The fact that 76% of companies invested in cyber defenses to qualify for cyber insurance shows that insurance is forcing organizations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defenses. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that.”
The most common reason the policy did not pay for the costs in full was that the total bill exceeded the policy limit. According to The State of Ransomware 2024 survey, recovery costs following a ransomware incident increased by 50% over the last year, reaching an average of $2.73 million.
Among the 5,000 IT and cybersecurity professionals surveyed, 99% of companies that enhanced their security measures for insurance reasons also experienced additional security advantages as a result of their investments. These benefits included enhanced protection, freed IT resources, and a reduction in alerts.
“Investments in cyber defenses appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can divert into other defenses to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution,” said Wisniewski.
Read the full “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders” on Sophos.com.