By Francis Allan L. Angelo
A recent survey by global cybersecurity leader Sophos reveals that 76% of companies with cyber insurance have enhanced their cyber defenses to qualify for coverage. The findings, part of the report “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” highlight the increasing importance of robust cybersecurity measures in today’s threat landscape.
The survey, which polled 5,000 IT and cybersecurity leaders from around the world, found that 97% of companies with a cyber policy had invested in improving their defenses, with 76% saying these improvements were essential for qualifying for coverage.
Additionally, 67% of respondents reported receiving better pricing, and 30% secured improved policy terms as a result of their strengthened security posture.
However, the report also underscores a concerning trend: the rising costs of recovering from cyberattacks are outpacing the coverage provided by insurance. Only 1% of companies that filed a claim reported that their insurance covered 100% of the costs.
The primary reason cited was that the total expenses exceeded the policy limits. This aligns with findings from the “State of Ransomware 2024” survey, which revealed that average recovery costs following a ransomware attack have surged by 50% in the past year, reaching an average of $2.73 million.
Chester Wisniewski, Sophos’ director and global Field CTO, noted, “The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled.”
Wisniewski emphasized that while the increased investment in cybersecurity is driven by insurance requirements, it is having a broader positive impact on companies’ overall security.
“The fact that 76% of companies invested in cyber defenses to qualify for cyber insurance shows that insurance is forcing organizations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall.”
The survey also found that 99% of companies that improved their defenses for insurance purposes experienced additional security benefits, such as enhanced protection, reduced IT workload, and fewer security alerts.
Wisniewski added, “Investments in cyber defenses appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can divert into other defenses to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution.”
The data for this report was collected between January and February 2024 and included participants from 14 countries across the Americas, EMEA, and Asia-Pacific regions.
The surveyed organizations ranged in size from 100 to 5,000 employees, with revenues spanning from less than $10 million to more than $5 billion.