According to a recent survey by Sophos, a global company specializing in innovative security solutions, 76% of businesses have enhanced their cyber defenses in order to qualify for cyber insurance. This data comes from the report “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.”
Investment in cyber defenses to obtain coverage
The report reveals that 97% of companies with a cybersecurity policy have invested in improving their defenses to facilitate obtaining insurance. Among these companies, 76% stated that these improvements allowed them to access coverage, 67% achieved better prices, and 30% secured better terms in their policies.
The survey, conducted by Vanson Bourne between January and February 2024, collected responses from 5,000 IT and cybersecurity leaders in 14 countries, representing organizations with 100 to 5,000 employees. The goal was to provide a real insight into the adoption of cyber insurance, claims payments, and the relationship between cyber defenses and insurance coverage.
The balance between treatment and transfer of cyber risks
Managing cyber risk through the implementation of cybersecurity controls and changing user behaviors, along with transferring risk through cyber insurance, are complementary approaches in cyber risk management. Organizations must identify the right balance between these approaches for effective risk management.
Factors driving the adoption of cyber insurance
The adoption of cyber insurance is common among medium-sized organizations, with 90% of them having some form of coverage. The main motivation for acquiring cyber insurance is the general awareness of the impact of cyber attacks, mentioned by 48% of respondents. Other factors include cybersecurity risk mitigation strategy (45%) and the need to work with clients or business partners requiring such coverage (42%).
Additional benefits of investments in cyber defenses
In addition to facilitating access to cyber insurance, investments in cyber defenses have provided other significant benefits to organizations. 99% of companies that improved their defenses reported additional benefits, such as better protection, fewer alerts, and time savings for IT staff. These benefits reinforce the importance of considering cybersecurity investments comprehensively, not just as individual components.
Coverage and claims payments
The report highlights that insurers almost always pay claims, although they rarely cover the total cost of the incident. On average, insurers paid 63% of the total incident cost, with the modal payment range between 71% and 80%. The main reasons insurers do not cover the total cost include exceeding the policy limit, incurring costs without insurer permission, and failing to meet required cyber defenses.
Sophos’ survey emphasizes the importance of taking a holistic approach to cyber risk management, leveraging the interaction between cyber defenses and cyber insurance. Smart investments in cyber defenses not only make access to more affordable insurance easier but also enhance overall protection and reduce the likelihood of experiencing a significant cyber attack.