Organizations thinking of stinting on cybersecurity efforts and paying for cyber coverage may want to read this survey summary…

In a Jan/Feb 2023 survey of 3,000 leaders responsible for IT/cybersecurity across 14 countries and working in firms with between 100 and 5,000 employees, on ransomware and cyber insurance topics, the data correlated the quality of an organization’s cyber defenses with its cyber-insurability, premium costs and policy terms.

Some 95% of respondents whose organizations had purchased a cyber insurance policy in the last year had report a direct impact: 60% indicated that it impacted their ability to get coverage; 62% cited that it impacted the cost of their coverage; and 28% indicated it impacted the terms of their policy.

The data showed 91% of respondents whose organizations were buying cyber insurance, with eight percent citing they did not have coverage but planned to obtain it in the next year.

Other findings

Some other trends linked to cyber insurance were:

    • Respondents’ organizations with cyber insurance were more likely to be able to recover data that was encrypted in a ransomware incident: 98% of those with a standalone policy and 97% of those with additional cyber coverage were able to recover encrypted data after a ransomware attack, compared to 84% of those without cyber coverage.
    • Respondents’ organizations with standalone cyber insurance policies were almost four times more likely to pay the ransom to recover encrypted data than those without cyber coverage: of those that had data encrypted in a ransomware incident in the last year, 59% of those with a standalone cyber insurance policy had paid the ransom, compared with 37% of those with cyber as part of a broader insurance policy and 15% of those that did not have cyber insurance.

Said Raja Patel, Senior Vice President, Sophos, which commissioned the survey: “Organizations need to properly configure and manage security technologies and also effectively respond to threats” — presumably their demonstrated cyber defense capabilities can rake-in lower cyber insurance premiums and better policy terms.