According to a Sophos study, 76 percent of companies improve their cyber defenses to qualify for cyber insurance, even though the cost of cyber remediation is often higher than the cost covered by insurance.

Most companies have improved their cybersecurity to qualify for cyber insurance, but recovery costs from cyberattacks are often higher than insurance coverage, according to a Sophos survey of 5,000 cybersecurity and IT leaders from fourteen countries in the Americas, EMEA and Asia Pacific, including France, Germany and Italy.

Investing in cybersecurity

Sophos, a specialist in security solutions against cyberattacks, has published the results of the study “Cyber ​​​​Insurance and Cyber ​​​​Defences 2024: Lessons from IT and Cybersecurity Leaders”. According to the survey, 97 percent of companies with cyber insurance have invested in improved cyber defense measures. Of these organizations, 76 percent say that these improvements have made them eligible for insurance. In addition, 67 percent say that they have received a better premium and 30 percent better insurance conditions as a result.

Although cyber insurance is one of the reasons for investing in cyber defense, research shows that the cost of recovering from cyber attacks is often higher than the insurance coverage. Only one percent of organizations that filed a lawsuit received 100 percent of the recovery costs. The most common reason for this was that the total cost exceeded the policy limit. According to the State of Ransomware 2024 report, the average cost of recovering from a ransomware incident has risen to $2.73 million.

Chester Wisniewski, Director and Global Field CTO at Sophos, points out that many cyber incidents are due to failure to follow basic security practices, such as timely patching. The report shows that 43 percent of organizations do not have multi-factor authentication enabled, which often leads to attacks via compromised credentials.