Sophos, a global security solutions company, has unveiled findings from its latest survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.” The report highlights that 97% of companies with a cyber policy have invested in improving their defenses, with 76% successfully qualifying for coverage, 67% securing better pricing, and 30% obtaining improved policy terms.
However, the survey also indicates that recovery costs from cyberattacks are exceeding insurance coverage limits. Only 1% of claimants reported that their insurance carrier covered 100% of the remediation costs. The primary reason for partial coverage was the total bill surpassing the policy limit. According to the State of Ransomware 2024 survey, recovery costs following ransomware incidents have surged by 50% over the past year, averaging $2.73 million.
Chester Wisniewski, Director, Global Field CTO at Sophos, commented, “Our Active Adversary report consistently shows that many cyber incidents result from a lack of basic cybersecurity practices, like timely patching. For instance, compromised credentials were the top root cause of attacks in our latest report, yet 43% of companies didn’t have multi-factor authentication enabled.”
Wisniewski added, “The fact that 76% of companies invested in cyber defenses to qualify for insurance demonstrates that insurance is driving the adoption of essential security measures. While cyber insurance is beneficial, it’s just one part of an effective risk mitigation strategy. Companies must continue to strengthen their defenses to mitigate the operational and reputational impacts of cyberattacks.”
The survey, which included 5,000 IT and cybersecurity leaders, revealed that 99% of companies improving defenses for insurance purposes also gained broader security benefits, including enhanced protection, reduced IT workload, and fewer alerts.
“Investments in cyber defenses provide a ripple effect of benefits, allowing organizations to reinvest insurance savings into further security improvements. While cyber insurance won’t eliminate ransomware attacks, it can be part of the solution,” Wisniewski stated.
The “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders” report is based on a vendor-agnostic survey conducted between January and February 2024. The survey covered 5,000 cybersecurity/IT leaders from 14 countries across the Americas, EMEA, and Asia Pacific, with organizations ranging from 100 to 5,000 employees and revenues from under $10 million to over $5 billion.
For more global findings and sector-specific data, read the full report on Sophos.com.
