Cyber ​​insurance as a booster for IT security: Sophos Report 2024

Sophos recently released the results of its report “Cyber ​​Insurance and Cyber ​​Defense in 2024”. It revealed that 97 percent of companies with a cyber police have invested in their defenses to support insurance. 76 percent say this has enabled them to qualify for coverage, 67 percent have received lower rates, and 30 percent have improved their contract terms.

Restoration costs exceed coverage values

The report also reveals that recovery costs after a cyberattack exceed insurance coverage. Only 1 percent of those who reported a claim had their insurer cover 100 percent of the costs incurred in investigating the incident. The most common reason for not receiving full reimbursement is that the final bill exceeds the insurance limit. According to this year's Sophos Ransomware Report, recovery costs after a ransomware attack increased by 50 percent compared to the previous year, to around 2.55 million euros.

Organizations lack cybersecurity fundamentals

The research of cybersecurity experts repeatedly shows that many cyber insurance providers find themselves in a situation where basic cybersecurity best practices have not been implemented, such as timely patching. Currently, compromised credentials rank first when it comes to the causes of an attack. This gap could be effectively closed by multi-factor authentication; however, surveys such as the Sophos Threat Report show that only just under half of companies have introduced an additional level of security.

The fact that 76 percent of companies have invested in their cyber defenses to qualify for cyber insurance shows that insurers are forcing companies to implement some of these essential security measures. This makes a difference and has a positive impact on the cyber resilience of companies overall. It must be clear: Although cyber insurance brings many benefits to companies, it is only one part of an effective risk mitigation strategy. Companies must continue to upgrade their defenses. Because a cyber attack can have a profound impact on an organization, both in terms of operations and reputation.

Investments in cyber defense have positive side effects

Of the 5,000 IT and cybersecurity leaders surveyed, 99 percent of those who improve their police department defenses say they gain security benefits beyond insurance coverage, including improved protection, freed up IT resources and fewer alerts.

To the Cyber ​​​​Insurance Report