According to the report, 76% of respondents stated these investments helped them qualify for cyber insurance coverage protection, 67% stated they led to decrease costs, and 30% reported they had been capable of safe improved insurance coverage phrases. But regardless of these enhancements, the price of recovering from a cyber assault nonetheless exceeds the quantity of insurance coverage protection.
According to the survey, only one% of those that filed claims obtained a full reimbursement from their insurance coverage firm, and the primary cause for the shortage of compensation was that the whole prices exceeded the insurance coverage limits. According to a associated survey, “The State of Ransomware 2024,” the price of restoration after a ransomware incident soared by 50% final 12 months, reaching a mean of $2.73 million.
Chester Wisniewski, Global Field CTO at Sophos, commented on the survey findings, highlighting frequent root causes of cyber incidents: “Sophos’ Active Adversary stories repeatedly present that lots of the cyber incidents confronted by companies are the results of failing to implement fundamental cybersecurity greatest practices, reminiscent of well timed patching. For instance, in our most up-to-date report, compromised credentials had been the primary root reason for assaults, but 43% of companies didn’t have multi-factor authentication enabled,” he stated.
Wisniewski highlighted the function of cyber insurance coverage in driving enhancements, however warned that insurance coverage alone isn’t sufficient. “The undeniable fact that 76% of companies have invested in cyber defenses to qualify for cyber insurance coverage reveals that insurance coverage is forcing organizations to implement a few of these important safety measures – it is making a distinction and having a broader, extra optimistic affect throughout the enterprise. But cyber insurance coverage, whereas useful to companies, is just one a part of an efficient danger mitigation technique – companies should proceed to work to shore up their defenses. Cyber assaults can have a major affect on companies from each an operational and reputational perspective, and having cyber insurance coverage would not change that,” he added.
The survey concerned 5,000 IT and cybersecurity leaders from 14 international locations throughout the Americas, EMEA and Asia Pacific. Organizations surveyed ranged in dimension from 100 to five,000 workers, with revenues starting from lower than $10 million to greater than $5 billion.
A key discovering from the survey is that 99% of companies that elevated their defenses for insurance coverage functions additionally reported broader safety advantages, together with elevated safety, freed up IT assets and fewer safety alerts, suggesting that investments in cybersecurity are having a broader optimistic affect past merely being insured.
Wisniewski concluded by discussing the potential long-term advantages of adopting cyber insurance coverage, saying, “Investing in cyber protection has a ripple impact when it comes to advantages, unlocking financial savings on insurance coverage premiums that organizations can redirect in direction of different defenses and enhance their safety posture extra broadly. As cyber insurance coverage adoption will increase, we count on companies to proceed to turn into safer. Cyber insurance coverage is not going to remove ransomware assaults, however it might very effectively be a part of the answer.”
Data for the “Cyber Insurance and Cyber Defense 2024: Lessons from IT and Cybersecurity Leaders” report was collected by a vendor-neutral survey carried out between January and February 2024. The complete report options world findings and sector-specific knowledge and is on the market on the Sophos web site.