‘While cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy,’ says global director

The costs of recovering from cyber attacks are outstripping the value of insurance coverage, according to the latest findings from cyber security software firm Sophos.

The firm’s report, Cyber insurance and cyber defences 2024: Lessons from IT and cyber security leaders, revealed that only 1% of those that made a claim said their insurance had funded 100% or more of the costs incurred while remediating an incident.

According to the report, the most common reason for the policy not paying the costs in full was that the total bill for recovery exceeded the policy limit.

And according to the firm’s earlier The State of Ransomware 2024 report (published 30 April 2024), recovery costs following a ransomware incident increased by 50% over the last year to reach an average of £2.15m ($2.73m).

Sophos’ report surveyed 5,000 IT and cyber security leaders from companies with between 100 and 5,000 employees across 14 countries, including the UK, between January and February 2024.

Despite the results showing that cyber cover was not fully remediating the costs of cyber attacks, the majority of surveyed professionals reported that they had some form of cyber protection.

The report found that 90% of organisations had some form of cyber coverage.

Half of respondents said they had a standalone policy, while 40% said they had cyber cover as part of a wider business insurance policy, such as general liability. 

In the UK, 54% of respondents had purchased a standalone cyber insurance policy.

A standalone cyber insurance policy reimburses the insured for the costs incurred in response to a breach, such as cyber extortion costs.

Risk mitigation

Sophos director and global field chief technology officer Chester Wisniewski said: “As cyber insurance adoption continues, hopefully companies’ security will continue to improve.

“Companies still need to work on hardening their defences. A cyber attack can have profound impacts from both an operational and a reputational standpoint and having cyber insurance doesn’t change that. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy.”

The research showed, however, that risk mitigation strategies can also positively influence the cost or availability of cyber insurance. Just over three quarters (76%) of respondents said that investing in improved security had helped their firms to qualify for cyber coverage.

A further 67% of respondents noted that they invested in cyber defences to help with policy pricing, while 30% said they had done so to get better policy terms.

Wisniewski added: “The fact that 76% of companies invested in cyber defences to qualify for cyber insurance shows that insurance is forcing organisations to implement some of these essential security measures. It’s making a difference and it’s having a broader, more positive impact on companies overall.”