76% of companies boost cyber defenses to qualify for insurance

As cyber threats grow, businesses are strengthening their digital defenses to qualify for cyber insurance. A recent report by Sophos, a cybersecurity solutions provider, revealed that 97% of companies with a cyber policy invested in improving their defenses to secure insurance. Of these, 76% said the improvements enabled them to qualify for coverage, 67% to obtain better pricing, and 30% to secure improved policy terms. 

The survey, "Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders," highlighted a significant gap between recovery costs from cyberattacks and insurance coverage. Only 1% of claimants reported that their carrier covered 100% of the remediation costs. The primary reason for partial coverage was that the total bill exceeded the policy limit. Additionally, Sophos' "The State of Ransomware 2024" survey indicated a 50% increase in recovery costs following ransomware incidents, averaging $2.73 million. 

“The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled,” said Chester Wisniewski, director, global Field CTO. 

Wisniewski emphasized that the fact that 76% of companies invested in cyber defenses to qualify for insurance indicates that insurance requirements are pushing organisations to adopt essential security measures. This trend not only helps in obtaining insurance but also has broader positive impacts on overall company security. However, while cyber insurance is beneficial, it is just one component of an effective risk mitigation strategy. Companies must continue to strengthen their defenses to mitigate the operational and reputational impacts of cyberattacks. 

Among the 5,000 IT and cybersecurity leaders surveyed, 99% of those who improved their defenses for insurance purposes reported additional security benefits, including enhanced protection, freed IT resources, and fewer alerts. 

Investments in cyber defenses are creating a ripple effect, leading to insurance savings that can be redirected to further enhance security measures. As the adoption of cyber insurance grows, it is expected that overall company security will continue to improve. While cyber insurance alone won't eliminate ransomware attacks, it can be part of a broader solution, according to the report.