Sophos, a global leader in cybersecurity solutions, has released the findings from its survey, “Cyber Insurance and Cyber Defenses 2024: Insights from IT and Cybersecurity Leaders.” The report indicates that 97% of organizations with a cyber insurance policy invested in strengthening their defenses to meet insurance requirements. Among these, 76% improved their cybersecurity to qualify for coverage, 67% to obtain better pricing, and 30% to secure more favorable policy terms.
The survey also highlighted that the costs of recovering from cyberattacks are surpassing insurance coverage. Only 1% of claimants reported their insurance fully covered remediation costs. The primary reason for incomplete coverage was that expenses exceeded policy limits. According to the “State of Ransomware 2024” survey, the average recovery cost from ransomware attacks has surged by 50% in the past year, reaching $2.73 million.
Chester Wisniewski, Global Field CTO at Sophos, noted that many cyber incidents result from neglecting basic cybersecurity practices, such as timely patching. For instance, compromised credentials were the leading cause of attacks, yet 43% of companies lacked multi-factor authentication. Wisniewski emphasized that the push for cyber insurance is prompting organizations to adopt crucial security measures, yielding broader positive impacts.
The survey of 5,000 IT and cybersecurity leaders revealed that 99% of those who enhanced their defenses for insurance also experienced broader security benefits, such as improved protection, freed IT resources, and fewer alerts. Wisniewski added that investments in cybersecurity create a ripple effect, leading to insurance savings that can be reinvested into further security enhancements. While cyber insurance is not a panacea, it contributes to a comprehensive risk mitigation strategy.
The data for the report was gathered from a vendor-neutral survey conducted between January and February 2024, involving cybersecurity and IT leaders from 14 countries across the Americas, EMEA, and Asia Pacific. The surveyed organizations had between 100 and 5,000 employees and revenues ranging from less than $10 million to over $5 billion.
