The 'Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders' report by Sophos reveals that 97% of companies with a cyber policy have bolstered their defenses to meet insurance requirements. Doing so has enabled them not only to qualify for coverage (76%) but also to negotiate better pricing (67%) and secure improved policy terms (30%).
"The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner," said Chester Wisniewski, director, global Field CTO.
Recovery costs
The survey also revealed that only one percent of companies that made a claim received 100% of the costs incurred while remediating the incident from their carrier, mainly because the total bill exceeded the policy limit.
The 'State of Ransomware 2024' survey underscores the financial impact of ransomware incidents: recovery costs averaged $2.73 million, a 50% increase from the previous year.
Almost all (99%) of the companies that improved their defenses for insurance purposes reported gaining broader security benefits as well, such as improved protection, freed IT resources, and fewer alerts.
"Investments in cyber defenses appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can divert into other defenses to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies' security will continue to improve. Cyber insurance won't make ransomware attacks disappear, but it could very well be part of the solution," said Wisniewski.