A new study by cybersecurity services provider Sophos shows that organizations with proper cyber defense in place are more likely to have effective cyber insurance. This report sheds light on how the effectiveness of an organization’s cyber defenses directly influences its insurability, premium costs, and policy terms. 

The Sophos’ study also highlights that cyber insurance adoption has become the norm, with 91% of organizations reporting coverage. Another 8% are planning to acquire coverage within the next year. The presence of insurance coverage plays a crucial role in an organization’s ability to recover from cyberattacks. 

In a statement, Raja Patel, senior vice president of Products at Sophos, emphasized the critical importance of having robust cybersecurity defenses to safeguard against active adversaries. He highlighted the need for organizations to properly configure and manage security technologies while also effectively responding to threats. This requires a skilled talent pool with expertise in the field. Patel expressed Sophos’ commitment to meeting customers’ needs by providing industry-first threat detection and response capabilities, thereby ensuring superior security outcomes.

Sophos: Hackers utilize LOLbins to attack organizations
Sophos: Organizations in APJ can’t execute cybersecurity tasks

The report’s findings indicate that 95% of organizations that obtained cyber insurance in the past year experienced a significant impact, meaning 60% faced challenges in securing coverage, 62% noticed an increase in their coverage costs, and 28% faced changes in their policy terms.

Data recovery

Organizations with cyber insurance are more likely to successfully recover data that has been encrypted in a ransomware incident. In fact, 98% of those with standalone policies and 97% of those with cyber coverage as part of a broader insurance policy were able to recover their encrypted data after a ransomware attack. This contrasts with the 84% recovery rate for organizations without cyber coverage.

Organizations with standalone cyber insurance policies are nearly four times more likely to pay the ransom to regain access to their encrypted data compared to those without cyber coverage. Among organizations that experienced data encryption through a ransomware incident in the past year, 59% of those with standalone cyber insurance policies opted to pay the ransom. In contrast, 37% of those with cyber coverage as part of a broader insurance policy and only 15% of those without cyber insurance chose to pay the ransom.

The data presented in the report titled “The Critical Role of Frontline Cyber Defenses in Cyber Insurance Adoption,” is based on an independent global survey conducted in January and February 2023. The study involved 3,000 cybersecurity and IT professionals across 14 countries, providing a comprehensive and diverse perspective on the current landscape.