76% of firms boost cyber protection for insurance coverage: Sophos

July 1, 2024

TLDR:

76% of companies have enhanced their cyber defences to qualify for cyber insurance, according to a survey by Sophos. Companies with cyber insurance policies invested in improving their defences to secure better pricing and policy terms. Recovery costs from cyberattacks are exceeding insurance coverage, with only 1% of claims fully covered. Investments in cyber defences have a ripple effect in improving overall security posture.

According to Sophos, 76% of companies enhanced their cyber defences in order to qualify for cyber insurance. This finding comes from a recent survey conducted by the cybersecurity solutions provider, which also revealed that 97% of companies with cyber insurance policies invested in improving their defences to help secure insurance. The report showed that among those who enhanced their defences, 67% were able to secure better pricing for their insurance and 30% obtained improved policy terms.

Despite the efforts to enhance cyber defences, the survey found that recovery costs from cyberattacks are exceeding insurance coverage. Only 1% of companies that made a claim had their insurance fully cover the costs of dealing with an incident. The most common reason for this was that expenses exceeded the policy limits. The State of Ransomware 2024 survey highlighted that recovery costs after a ransomware attack have risen by 50% in the past year, averaging $2.73 million.

Chester Wisniewski, Global Field CTO at Sophos, emphasized the importance of implementing basic cybersecurity best practices, such as patching in a timely manner and enabling multi-factor authentication. While cyber insurance can benefit companies by forcing them to improve their security measures, Wisniewski noted that it is just one part of an effective risk mitigation strategy. He highlighted the need for companies to continue working on hardening their defences to protect against cyber threats.

Overall, investments in cyber defences not only help companies qualify for cyber insurance but also have a broader positive impact on their security posture. As cyber insurance adoption continues to grow, it is hoped that companies will continue to improve their security measures to better protect against cyber threats. Cyber insurance may not make ransomware attacks disappear, but it can be a part of the solution in enhancing overall cybersecurity.
