Sophos, a provider of cybersecurity solutions, released findings from its recent survey, showing that 76% of companies enhanced their cyber defences to qualify for cyber insurance.
The report found that 97% of companies with a cyber insurance policy invested in improving their defences to help with insurance. Among these, 67% secured better pricing and 30% obtained improved policy terms.
Furthermore, 99% of companies that enhanced their defences for insurance purposes reported additional security benefits, such as better protection, freed-up IT resources, and fewer security alerts.
The survey also found that recovery costs from cyberattacks are exceeding insurance coverage. Only 1% of those who made a claim had their insurance fully cover the costs of dealing with an incident, with the most common reason being that expenses exceeded the policy limits.
According to The State of Ransomware 2024 survey, recovery costs after a ransomware attack have risen by 50% in the past year, averaging $2.73 million.
Chester Wisniewski, Global Field CTO at Sophos, noted, “The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled.
“The fact that 76% of companies invested in cyber defences to qualify for cyber insurance shows that insurance is forcing organisations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall.
“However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defences. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that.
“Investments in cyber defences appear to have a ripple effect in terms of benefits, unlocking insurance savings that organisations can divert into other defences to more broadly improve their security posture.
“As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution,” Wisniewski concluded.






