One cybersecurity firm has used secondary research to recommend prevention, security-first culture, and partnerships with cyber experts and insurers as remedies
In referencing various reports* on the cost of cyberattacks and their impact on insurance-industry coverage trends, a cybersecurity (and cyber training) firm has disclosed some secondary research in its own report.
First, the data from the various sources has been interpreted to point out that “insurers are increasingly looking for strong security measures when determining coverage and premiums” and the potential effectiveness of “ongoing security awareness training in reducing an organization’s vulnerability to attacks.”
Second, the meta-analysis suggests that cyberattack expenses are escalating rapidly, extending beyond immediate disruptions to include legal fees, fines, and reputational harm — “highlighting the urgent need for robust risk management.”
Other findings
Third, based on the premise that cyber threats rank as the top global concern (with social engineering and phishing leading the way), the report highlights the need for strengthened human defenses against these targeted attacks. Also:
- Small- and medium-sized enterprises mentioned in the data analyzed had faced disproportionate impacts from cyber incidents. While the average costs of these incidents were comparatively lower, the financial consequences could be more severe, thereby requiring “tailored security strategies.”
- Expanding data privacy laws mentioned in the reports analyzed were seen to be driving a surge in class action lawsuits, especially in the US, with potential growth in Europe.
- Human factors were concluded to be the most vulnerable aspect of cybersecurity, accounting for 75% of data breaches in the third-party reports used for analysis.
- The report authors suggest the need for a “multi-faceted approach that combines cutting-edge cybersecurity measures with comprehensive insurance coverage. A focus on prevention, security culture and education is critical, coupled with strategic partnerships between businesses, insurers and cybersecurity experts.”
According to Stu Sjouwerman, CEO, KnowBe4, the firm that reported its analysis: “Organizations, regardless of size, must adopt a proactive and comprehensive approach to cybersecurity. Cybersecurity cannot remain an isolated IT function. Instead, it must be embraced as a core component of organizational strategy, ensuring that technological risk management is backed by informed human defenses and comprehensive risk management practices, including cyber insurance.”
*The 2024 IBM Cost of a Data Breach report, the 2024 Coalition Cyber Claims Report, and the 2024 NetDiligence Cyber Claims Study, among other papers on cyber insurance matters. Note that reports containing the year 2024 are projections based on actual 2023 or earlier data.