Sophos, a prominent cybersecurity solutions provider, has revealed compelling insights from its recent survey indicating a significant trend towards bolstering cyber defences among companies seeking insurance coverage. According to their findings, a staggering 76% of businesses have strengthened their cybersecurity measures specifically to qualify for cyber insurance.
The survey highlights that nearly all companies (97%) holding cyber insurance policies have made strategic investments to fortify their defences, aiming to enhance their eligibility and secure favorable insurance terms. As a result, two-thirds of these businesses have successfully negotiated better pricing, while 30% have secured improved policy terms.
Moreover, the report underscores broader security benefits stemming from these proactive measures. Nearly all respondents (99%) reported enhanced security outcomes, such as heightened protection levels, optimized IT resource allocation, and reduced incidence of security alerts.
Despite these proactive efforts, the survey also reveals concerning insights regarding the adequacy of insurance coverage in the face of escalating cyber threats. Shockingly, only 1% of companies that filed claims found their insurance fully covered the expenses incurred, with most citing policy limits as a restricting factor.
The study further illustrates the escalating financial toll of cyber incidents, with recovery costs from ransomware attacks skyrocketing by 50% over the past year, averaging a staggering $2.73 million per incident.
Chester Wisniewski, Global Field CTO at Sophos, emphasized the critical role of basic cybersecurity practices in mitigating risks, pointing out that compromised credentials remain a leading cause of breaches, despite widespread awareness. Wisniewski stressed that while cyber insurance incentivizes businesses to adopt essential security measures, it should complement, not replace, robust defensive strategies.
He noted, “Investments in cyber defences driven by insurance requirements are proving beneficial beyond mere compliance. They not only unlock potential savings but also contribute to a broader improvement in overall security postures.”
Looking ahead, Wisniewski expressed optimism that increased adoption of cyber insurance will continue to drive improvements in corporate cybersecurity readiness. However, he cautioned that while insurance offers financial protection, it cannot eliminate the threat posed by cyberattacks entirely.
In conclusion, while cyber insurance serves as a valuable risk management tool, Wisniewski emphasized the necessity for businesses to continue hardening their defences and adopting proactive security measures to effectively mitigate the evolving cyber threat landscape.