76% of Companies Improve Cyber Security Measures to Meet Requirements for Cyber Insurance


Impact of Cyber Insurance on Security Investments: Insights from IT and Cybersecurity Leaders

A recent survey conducted by security company Sophos sheds light on the growing impact of cyber insurance on security investments. The report, titled “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” reveals that 97% of organizations with a cyber policy have enhanced their defenses to meet insurance requirements.

Among these organizations, 76% reported that the improvements helped them qualify for coverage, while 67% achieved better pricing and 30% obtained improved policy terms. However, despite these enhancements, the survey also highlighted a concerning trend – recovery costs from cyberattacks are surpassing insurance coverage. Only one percent of those who made a claim stated that their carrier funded 100% of the costs incurred during incident remediation.

Chester Wisniewski, director of global Field CTO at Sophos, emphasized the importance of implementing basic cybersecurity best practices to prevent cyber incidents. He noted that while cyber insurance can incentivize organizations to invest in security measures, it is just one part of an effective risk mitigation strategy.

The survey, which included responses from 5,000 IT and cybersecurity leaders, also revealed that companies that improved their defenses for insurance purposes experienced broader security benefits beyond insurance coverage. These benefits included improved protection, freed IT resources, and fewer alerts.

As cyber insurance adoption continues to rise, Wisniewski hopes that companies’ overall security posture will continue to improve. While cyber insurance may not eliminate ransomware attacks entirely, it can play a crucial role in mitigating their impact. The data for the survey was collected from a vendor-agnostic study of cybersecurity/IT leaders from 14 countries across the Americas, EMEA, and Asia Pacific, with organizations ranging from 100 to 5,000 employees and revenue varying from less than $10 million to over $5 billion.

Related articles

Recent articles