Global firms boost cyber defences for insurance, Sophos reveals

Global firms boost cyber defences for insurance, Sophos reveals | Insurance Business Asia

Growing role of insurance highlighted amid rising recovery costs from cyberattacks

Global firms boost cyber defences for insurance, Sophos reveals


Roxanne Libatique

A survey by Sophos, titled “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” has indicated that 76% of global companies have strengthened their cyber defences to meet the requirements for cyber insurance coverage.

This trend highlights the growing role of cyber insurance in business strategies, as firms seek to mitigate the risks of cyberattacks by ensuring their partners have sufficient coverage.

The survey found that 40% of respondents were unsure if their policy covered ransom payments, and 41% were uncertain about coverage for income loss.

Cyber coverage vs. costs of recovering from cyberattacks

The costs of recovering from cyberattacks often surpass the limits of insurance coverage.

Only 1% of claimants reported that their insurer fully compensated their remediation expenses, with most experiencing partial payments due to exceeded policy limits.

He also noted the broader impact of these required upgrades.

“The fact that 76% of companies invested in cyber defences to qualify for cyber insurance shows that insurance is forcing organisations to implement some of these essential security measures,” he said. “It’s making a difference, and it’s having a broader, more positive impact on companies overall. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defences. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that.”

Impacts of investing in cyber defences

Investments in cyber defences for insurance purposes have reportedly led to broader security benefits.

Among the respondents, 99% agreed that their defensive improvements had positive impacts, such as enhanced protection, freed IT resources, and reduced security alerts.

Wisniewski highlighted the additional benefits of cyber defence investments.

“Investments in cyber defences appear to have a ripple effect in terms of benefits, unlocking insurance savings that organisations can divert into other defences to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution,” he said.

The survey gathered responses from 5,000 IT and cybersecurity leaders across 14 countries, including regions in the Americas, EMEA, and Asia Pacific (APAC). The organisations surveyed varied in size, employing between 100 and 5,000 individuals, with revenues ranging from below US$10 million to over US$5 billion.

Related Stories