Cyber insurance and cyber defense work very well together. In the face of inevitable cyberattacks, the two enable organizations to lower their cyber risk management total cost of ownership (TCO) while reducing the chances of experiencing a major incident. Sophos reached that conclusion in its latest report, Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.
Improving an organization’s cyber defenses can help with their cyber insurance. The report found that 97 percent of respondents surveyed did this to improve their cyber insurance position. Over three-quarters of businesses improved their cyber defenses to qualify for coverage. Another 67 percent said they did it to get improved pricing on their premiums. And another 30 percent did it to obtain better terms on their policies.
What Is Enough Coverage?
Recovery costs for cyberattacks are outpacing cyber insurance payouts. Only one percent of insured businesses said their carrier funded 100 percent of the costs incurred. For many companies, however, policies failed to cover all costs because damages surpassed coverage limits. This cost reality was detailed in Sophos’ The State of Ransomware 2024 survey, which showed ransoms increasing to an average of $2.73 million, up 50 percent over the previous year.
That 76 percent of companies invested in cyber defenses to qualify for cyber insurance indicates that insurance is forcing organizations to implement some essential security measures. Although cyber insurance can be helpful for businesses, it is only one component of a comprehensive risk management plan. Companies must also focus on strengthening their defenses.
Start by Going Back to the Basics
Surprisingly, the initial defense measure is also the most cost-effective and easiest to implement. Many cybersecurity issues companies encounter stem from failing to adhere to fundamental cybersecurity protocols, like promptly applying patches. According to the latest Sophos Active Adversary report, attacks mainly stemmed from compromised credentials, yet 43 percent of companies hadn't activated multi-factor authentication (MFA).
Next, organizations have to understand what their insurance covers. Many IT chiefs need clarification on what is covered after a cyberattack. Forty percent of companies surveyed believe insurance covers ransom payments or income loss, but they are not certain of it. That may be due to a disconnect between the department buying the insurance and IT.
Integrate Cyber Risk Strategies for Enhanced Benefits
The goal is to shift from isolated solutions to a comprehensive strategy for managing cyber risks that leverages the relationship between cyber defenses and cyber insurance. By strategically investing in enhanced cyber defenses, companies can access significant cost savings on cyber insurance, along with broader operational advantages and decreased chances of facing an attack.
Download the full report for more information, including a look at the impact of cyber insurance coverage on ransomware outcomes and many other areas.