76% of Companies Improved Their Cyber Defenses to Qualify for Cyber Insurance, Sophos Survey Finds
2024年6月26日 - 10:00PM
Sophos, a global leader of innovative security solutions for
defeating cyberattacks, today released findings from its survey,
“Cyber Insurance and Cyber Defenses 2024: Lessons from IT and
Cybersecurity Leaders.” According to the report, 97% of those with
a cyber policy invested in improving their defenses to help with
insurance, with 76% saying it enabled them to qualify for coverage,
67% to get better pricing and 30% to secure improved policy terms.
The survey also revealed that recovery costs from cyberattacks
are outpacing insurance coverage. Only one percent of those that
made a claim said that their carrier funded 100% of the costs
incurred while remediating the incident. The most common reason for
the policy not paying for the costs in full was because the total
bill exceeded the policy limit. According to The State of
Ransomware 2024 survey, recovery costs following a ransomware
incident increased by 50% over the last year, reaching $2.73
million on average.
“The Sophos Active Adversary report has repeatedly shown that
many of the cyber incidents companies face are the result of a
failure to implement basic cybersecurity best practices, such as
patching in a timely manner. In our most recent report, for
example, compromised credentials were the number one root cause of
attacks, yet 43% of companies didn’t have multi-factor
authentication enabled,” said Chester Wisniewski, director, global
Field CTO.
“The fact that 76% of companies invested in cyber defenses to
qualify for cyber insurance shows that insurance is forcing
organizations to implement some of these essential security
measures. It’s making a difference, and it’s having a broader, more
positive impact on companies overall. However, while cyber
insurance is beneficial for companies, it is just one part of an
effective risk mitigation strategy. Companies still need to work on
hardening their defenses. A cyberattack can have profound impacts
for a company from both an operational and a reputational
standpoint, and having cyber insurance doesn’t change that.”
Across the 5,000 IT and cybersecurity leaders surveyed, 99% of
companies that improved their defenses for insurance purposes said
they had also gained broader security benefits beyond insurance
coverage due to their investments, including improved protection,
freed IT resources and fewer alerts.
“Investments in cyber defenses appear to have a ripple effect in
terms of benefits, unlocking insurance savings that organizations
can be diverted into other defenses to more broadly improve their
security posture. As cyber insurance adoption continues, hopefully,
companies’ security will continue to improve. Cyber insurance won’t
make ransomware attacks disappear, but it could very well be part
of the solution,” said Wisniewski.
Data for the Cyber Insurance and Cyber Defenses 2024: Lessons
from IT and Cybersecurity Leaders report comes from a
vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted
between January and February 2024. Respondents were based in 14
countries across the Americas, EMEA and Asia Pacific. Organizations
surveyed had between 100 and 5,000 employees, and revenue ranged
from less than $10 million to more than $5 billion.Read the full
“Cyber Insurance and Cyber Defenses 2024: Lessons from IT and
Cybersecurity Leaders,” on Sophos.com for additional global
findings and data by sector.
Learn More About
- The State of Ransomware 2024
- The role of law enforcement in ransomware attacks
- The latest techniques, tactics and procedures (TTPs) of cyber
attackers in the Active Adversary Report for 1H 2024
- How often companies’ backups are compromised during ransomware
attacks
- The role of unpatched vulnerabilities in ransomware
attacks
- The rise of remote encryption among ransomware groups
- Ransomware attackers targeting managed service providers (MSPs)
in the 2024 Sophos Threat Report: Cybercrime on Main Street
- The evolving ransomware business model in Junk Gun’ Ransomware:
Peashooters Can Still Pack a Punch
- Sophos X-Ops and its groundbreaking threat research by
subscribing to the Sophos X-Ops blogs
About Sophos Sophos is a global leader and
innovator of advanced security solutions for defeating
cyberattacks, including Managed Detection and Response (MDR) and
incident response services and a broad portfolio of endpoint,
network, email, and cloud security technologies. As one of the
largest pure-play cybersecurity providers, Sophos defends more than
600,000 organizations and more than 100 million users worldwide
from active adversaries, ransomware, phishing, malware, and more.
Sophos’ services and products connect through the Sophos
Central management console and are powered by Sophos X-Ops,
the company’s cross-domain threat intelligence unit. Sophos X-Ops
intelligence optimizes the entire Sophos Adaptive Cybersecurity
Ecosystem, which includes a centralized data lake that leverages a
rich set of open APIs available to customers, partners, developers,
and other cybersecurity and information technology vendors. Sophos
provides cybersecurity-as-a-service to organizations needing fully
managed security solutions. Customers can also manage their
cybersecurity directly with Sophos’ security operations platform or
use a hybrid approach by supplementing their in-house teams with
Sophos’ services, including threat hunting and remediation. Sophos
sells through reseller partners and managed service providers
(MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More
information is available at www.sophos.com.
Contact Info:
Samantha Powers, Vice President of Public Relations, Sophos@walkersands.com