As cyber threats increase, businesses are bolstering their digital defenses to qualify for cyber insurance. A recent report by Sophos, a cybersecurity solutions provider, revealed that 97% of companies with a cyber policy invested in improving their defenses to secure insurance. Among these, 76% reported that the enhancements enabled them to qualify for coverage, 67% obtained better pricing, and 30% secured improved policy terms.
The survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” highlighted a significant gap between recovery costs from cyberattacks and insurance coverage. Only 1% of claimants reported that their carrier covered 100% of the remediation costs, with the primary reason for partial coverage being that the total bill exceeded the policy limit. Additionally, Sophos’ “The State of Ransomware 2024” survey indicated a 50% increase in recovery costs following ransomware incidents, averaging $2.73 million.
Chester Wisniewski, director and global Field CTO at Sophos, stated, “The Sophos Active Adversary report has repeatedly shown that many cyber incidents result from a failure to implement basic cybersecurity best practices, such as timely patching. For example, in our most recent report, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled“.
Wisniewski emphasized that the fact that 76% of companies invested in cyber defenses to qualify for insurance indicates that insurance requirements are pushing organizations to adopt essential security measures. This trend not only helps in obtaining insurance but also has broader positive impacts on overall company security. However, while cyber insurance is beneficial, it is just one component of an effective risk mitigation strategy. Companies must continue to strengthen their defenses to mitigate the operational and reputational impacts of cyberattacks.
Among the 5,000 IT and cybersecurity leaders surveyed, 99% of those who improved their defenses for insurance purposes reported additional security benefits, including enhanced protection, freed IT resources, and fewer alerts.
Investments in cyber defenses are creating a ripple effect, leading to insurance savings that can be redirected to further enhance security measures. As the adoption of cyber insurance grows, it is expected that overall company security will continue to improve. While cyber insurance alone won’t eliminate ransomware attacks, it can be part of a broader solution, according to the report.
