Sophos recently released the results of their study. According to the findings, nearly all companies have invested in a cybersecurity system that supports their defense measures, with a staggering 97 percent having implemented this crucial infrastructure. Seventy-six percent of respondents indicated that they consider themselves qualified for coverage as a result. Sixty-seven percent of customers received more favorable prices and thirty percent improved their contractual terms.
According to the report, restoration costs following a cyberattack exceed insurance coverage. Only one percent of those reporting damage had their insurer cover 100% of the costs incurred in rectifying the incident. The most common reason for incomplete reimbursement is that the final bill exceeds the insurance limit. According to Sophos’ latest report, the cost of restoring systems after a ransomware attack increased by 50% year-on-year to approximately €2.55 million.
According to Chester Wisniewski, CTO of Sophos, “Many cyber insurance providers have consistently found themselves in a scenario where fundamental, tried-and-true approaches to cybersecurity are not being implemented; for instance, timely patching.” While compromised login credentials often top the list of attack triggers in our latest survey, further investigation reveals a more complex landscape with multiple factors at play. While a multi-factor authentication gap could be effectively plugged, our research suggests that only 43% of companies have implemented such an additional security layer.
The fact that 76 percent of businesses have invested in their cyber defense to qualify for a cyber insurance policy indicates that insurers are compelling companies to implement these essential security measures. This makes a difference and has a constructive overall impact on the cyber resilience of companies in general. While a cyber insurance policy for businesses can offer numerous benefits, it is crucial to acknowledge that it constitutes only one aspect of an effective risk minimization strategy. Companies must continue to fortify their defenses. A sophisticated cyberattack can have profound and far-reaching consequences for an organisation, extending beyond operational disruption to impact its very reputation. However,
Of the 5,000 IT and cybersecurity leaders surveyed, a staggering 99% of those who enhanced their defense measures in response to a police request reported gaining additional security benefits beyond mere insurance coverage. To achieve this, a better shield is required, freed-up IT resources and fewer alarm bells need to be addressed.
Investments in cybersecurity appear to have constructive side effects, as they release savings from insurance premiums that companies can reinvest in other protective measures to enhance their security posture. As cyber insurance spreads, so too will hopefully the security of businesses improve. As cybercrime’s nefarious tactics evolve, a police force’s efforts to eradicate ransomware attacks won’t disappear, but they could certainly be part of the solution.
In an independent survey of 5,000 IT and cybersecurity leaders, participants from January to February 2024 shared their insights. Fourteen countries from America, EMEA, and the Asia-Pacific region participated with organization sizes ranging from 100 to 5,000 employees. Revenue fluctuates between less than $10 million and more than $5 billion USD.
