The cyber insurance market is getting tougher and for many organizations it’s getting harder – and more expensive – to secure coverage.
Fortunately, good cybersecurity can facilitate cyber insurance in multiple ways: from making it easier to get coverage, to lowering premiums and removing barriers to pay outs if you need to make a claim.
The new Sophos Guide to Cyber Insurance provides an overview into the state of the cyber insurance market and explains the different ways that cybersecurity can positively impact your insurance. It also details the Sophos technologies and services that can help you reduce your premiums and lower your risk.
The realities of cyber insurance
Sophos recently commissioned an independent survey into cyber insurance take-up that polled 5,000 IT decision-makers in mid-sized organizations around the globe. 84% of respondents said their organizations had some form of cyber insurance, with energy, oil/gas, and utilities, and media, leisure, and entertainment most likely to have cyber insurance (88%)*.
Only 64% of organizations surveyed, however, had cyber insurance that covers ransomware, leaving one in five (20%) exposed to the full cost of a ransomware incident despite investing in cyber insurance*.
The public sector is least likely to have both cyber insurance (72%) and insurance against ransomware (52%). This is concerning, as public entities are a frequent target for cyber criminals as well as amongst the least able to defend against a ransomware attack.
The percentage of survey respondents saying they have cyber insurance is quite a bit higher than some other reports, likely due to our focus on mid-sized organizations (100 – 5,000 employees) which excludes smaller businesses. We also include those that have cyber insurance as part of a broader company insurance policy, as well as standalone policies.
The cyber insurance market
Cyber insurance has, until now, been a ‘soft’ market, characterized by high capacity and low premiums. However, the market is starting to harden, leading to higher premiums: the cost of standalone policies in the US climbed 28.6% in 2020**. It’s also getting harder for many organizations to get insurance in the first place as the underwriting process grows more and more rigorous and overall capacity drops.
“Our cyber insurance is up and we’re having to jump through more hoops than we’ve ever had to before.”
Corporate travel company
Good cybersecurity helps with cyber insurance
Having strong cyber defenses in place can help in a number of ways.
- Advanced protection is increasingly a requirement in order to get cyber coverage, with managed detection and response (MDR) services, endpoint or extended detection and response (EDR/XDR) technologies, and next-gen endpoint protection the most common requirements.
- Multi-factor authentication is also fast becoming a prerequisite for coverage, with insurers looking to ensure some of the most common security gaps are closed before they absorb the risk.
- Having advanced IT defenses helps reduce your cyber insurance costs. Customers consistently say that the quality of their protection impacts their premiums.
- Good cybersecurity can also help keep premiums down in the long term: by minimizing your risk of being impacted by a cyberattack you reduce the likelihood that you’ll need to call on your policy – and keep your policy renewal costs down.
- If you experience a cyber attack and your insurer believes that you ‘left the door open’ through weak practices, they may have grounds not to pay out. This is another area where Extended Detection and Response (XDR) technology can help. It enables you to identify IT hygiene gaps such as out-of-date software, so you can address them and ensure that, should the worst happen, the insurance company will step in.
- And finally, responding quickly and appropriately to a cyberattack can significantly reduce the impact and cost of the incident.
How Sophos can help
We offer a wide range of products and services that can help you qualify for insurance, keep premiums down, and reduce the risk of making a claim. Plus, if the worst happens and you experience an incident, our Rapid Response Team will work with your insurer to minimize the impact. For more information read the Sophos Guide to Cybersecurity or speak with your Sophos representative.
* The State of Ransomware 2021, Sophos
** S&P Global, June 1, 2021