76 percent of companies are boosting their cyber defenses
Sophos has published the latest results of its report "Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders". It reveals that 97 percent of companies with a cyber policy have invested in their defenses to support the insurance.
76% state that they qualified for cover as a result. 67 percent received more favorable prices and 30 percent improved their contract conditions.
Restoration costs exceed cover values
The report also reveals that the recovery costs following a cyberattack exceed the insurance cover. Only 1 percent of those who reported a claim had their insurer pay 100 percent of the costs incurred in recovering from the incident. The most common reason for not being fully reimbursed is that the final bill exceeds the insurance limit. According to this year's ransomware report from Sophos, the recovery costs following a ransomware attack increased by 50 percent compared to the previous year. You can expect to pay around 2.55 million euros.
Companies lack basic safety best practices
"The Sophos Active Adversary Report has repeatedly shown that many cyber insurance providers find themselves in a situation where basic cyber security best practices have not been implemented. For example, timely application of patches. In our recent report, compromised credentials ranked number one when it comes to causes of an attack, yet 43% of organizations have not implemented multi-factor authentication," said Chester Wisniewski, CTO Sophos.
"The fact that 76 percent of businesses have invested in their cyber defenses to qualify for cyber insurance shows that insurers are forcing companies to adopt some of these essential security measures. This makes a difference, and has a broader, more positive impact on businesses overall. While cyber insurance brings many benefits to businesses, it is only one part of an effective risk mitigation strategy. Companies must continue to upgrade their defenses. After all, a cyberattack can have a profound impact on an organization, both in terms of operations and reputation. And a cyber policy alone will not change that".
Investments in cyber defense have positive side effects
Of the 5,000 IT and cybersecurity executives surveyed, 99 percent of those who improve their defenses for a policy say they also gain broader security benefits beyond insurance coverage. An effect of their investment, including increased protection, freed up IT resources and fewer alerts.
"Investing in cyber defense seems to have positive side effects, as it frees up insurance savings that companies can invest in other protective measures to improve their security posture. As cyber insurance becomes more widespread, companies' security will - hopefully - also improve. A policy won't make ransomware attacks go away, but it could well be part of the solution," says Wisniewski.
Source: www.sophos.de
