Sophos’s new survey, titled “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” reveals a growing shift toward stronger cybersecurity that appears to correlate with insurance requirements.
The survey was conducted between January and February 2024 and covered 5,000 cybersecurity and IT leaders from 14 countries across the Americas, EMEA, and Asia Pacific. The surveyed organizations ranged from small to large, with employees numbering between 100 and 5,000, and revenues ranging from less than $10 million to over $5 billion.
The survey states that a staggering 97% of companies with cyber insurance policies have invested in improving their cybersecurity infrastructure, with 76% saying it helped them qualify for coverage, 67% reporting better pricing, and 30% securing improved policy terms.
In addition, an overwhelming 99% of those who enhanced their defenses for insurance reasons reported broader security benefits, including better protection, more available IT resources, and fewer alerts.
Although the numbers and the trend are moving in a good direction, the report also revealed the “uglier” side of the story: recovery costs from cyberattacks are outstripping insurance coverage.
The report further notes that only 1% of respondents had their carrier fully cover their remediation costs. What about the other 99%? They received only “partial” coverage because they just couldn’t afford the bill for recovering from a disastrous attack. This is just part of the growing damage inflicted by ransomware incidents, which has surged by 50% over the past year and now averages $2.73 million.
Chester Wisniewski, Sophos’ Global Field CTO, emphasized that many cyber incidents stem from neglecting basic cybersecurity practices. For instance, compromised credentials were the top cause of attacks, yet 43% of companies hadn’t enabled multi-factor authentication.
He also pointed out that the fact that 76% of companies are improving their cyber defenses to qualify for insurance shows the positive impact insurance requirements can have on overall security. However, he stressed that insurance alone isn’t enough; companies must continue to strengthen their defenses to mitigate the risks and impacts of cyberattacks.
He finished off by adding, “Investments in cyber defenses not only unlock insurance savings but also help improve overall security. While cyber insurance won’t eliminate ransomware attacks, it can certainly be part of the solution.”