Intelligent Tech Channels Issue 78 | Page 12

SECURITY NEWS
97 % of those with cyber policy invested in improving their defences finds Sophos

Sophos , a global provider of innovative security solutions for defeating cyberattacks , released findings from its survey , Cyber Insurance and Cyber Defences 2024 : Lessons from IT and Cybersecurity Leaders . According to the report , 97 % of those with a cyber policy invested in improving their defences to help with insurance , with 76 % saying it enabled them to qualify for coverage , 67 % to get better pricing and 30 % to secure improved policy terms .

The survey also revealed that recovery costs from cyberattacks are outpacing insurance coverage . Only one percent of those that made a claim said that their carrier funded 100 % of the costs incurred while remediating the incident .
The most common reason for the policy not paying for the costs in full was because the total bill exceeded the policy limit . According to The State of Ransomware 2024 survey , recovery costs following a ransomware incident increased by 50 % over the last year , reaching $ 2.73 million on average .
“ The Sophos Active Adversary report has repeatedly shown that many of the cyber
Chester Wisniewski , Director , Global Field CTO , Sophos
incidents companies face are the result of a failure to implement basic cybersecurity best practices , such as patching in a timely manner . In our most recent report , for example , compromised credentials were the number one root cause of attacks , yet 43 % of companies did not have multi-factor authentication enabled ,” said Chester Wisniewski , Director , Global Field CTO .
The fact that 76 % of companies invested in cyber defences to qualify for cyber insurance shows that insurance is forcing organisations to implement some of these essential security measures . It is making a difference , and it ’ s having a broader , more positive impact on companies overall . However , while cyber insurance is beneficial for companies , it is just one part of an effective risk mitigation strategy . Companies still need to work on hardening their defences . A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint , and having cyber insurance doesn ’ t change that .
Across the 5,000 IT and cybersecurity leaders surveyed , 99 % of companies that improved their defences for insurance purposes said they had also gained broader security benefits beyond insurance coverage due to their investments , including improved protection , freed IT resources and fewer alerts .
Investments in cyber defences appear to have a ripple effect in terms of benefits , unlocking insurance savings that organisations can be diverted into other defences to improve their security posture more broadly . As cyber insurance adoption continues , hopefully , companies ’ security will continue to improve . Cyber insurance will not make ransomware attacks disappear , but it could very well be part of the solution .
Data for the Cyber Insurance and Cyber Defences 2024 : Lessons from IT and Cybersecurity Leaders report comes from a vendor-agnostic survey of 5,000 cybersecurity , IT leaders conducted between January and February 2024 . Respondents were based in 14 countries across the Americas , EMEA and Asia Pacific . Organisations surveyed had between 100 and 5,000 employees , and revenue ranged from less than $ 10 million to more than $ 5 billion .
12 www . intelligenttechchannels . com