Site icon Sophos News

Cyber insurance: there’s bad news and there’s good news

Earlier this year, we asked 5,600 IT professionals about their experiences with cyber insurance.

The results are mixed, but the key takeaways are that cyber insurance is becoming harder and more expensive to get due in part to an increase in attacks. However, it’s meant that in order to get cyber insurance, companies are required to have solid protections in place, which means that overall defenses have improved.

Here’s a closer look at some of the data. You can download the full report here.

The bad news

For starters, the overall threat environment is more challenging than ever. Over the last year, companies have been dealing with the following:

And when it comes to ransomware, things are getting worse. When asked if they’d been hit by ransomware in the last year, 66% of respondents said yes – up from 37% when we asked the same question last year.

What’s more, the average ransomware payment is now north of $800,000 whereas last year it was around $170,000.

Here’s what that means when it comes to trying to get cyber insurance in 2022. Our respondents reported the following:

So: more frequent, more complex, more impactful attacks and fewer companies offering harder to get policies that are more expensive. Time for some good news, right?

The good news

All the bad news listed above has become a forcing factor toward better security. The data indicates that 97% of those surveyed reported making changes to their defenses in order to secure insurance.

Of those who made changes…

The other good news is that if you’re able to secure cyber insurance, it appears to be a worthwhile investment: 98% of respondents indicated that cyber insurance that included ransomware coverage paid out on related claims. Actual ransom payments were down as well, from 44% in 2019 to 40% in 2021.

More good news: we can help

The first step toward getting cyber insurance: make sure you can get cyber insurance. According to leading cyber insurance broker Marsh McLennan Agency, the following security controls are must-haves…

…while the following seven controls are desirable as well:

Fortunately, the Sophos Managed Threat Response (MTR) service enables you to achieve many of these controls with single solution.

With Sophos MTR, you get our 24/7 threat hunting and response service, our powerful extended detection and response (XDR) tool, and Sophos’ world-class endpoint protection. Together they tick many of the cyber control boxes:

And that’s just with one service! We’ve also got network protection with Sophos Firewall, advanced filtering and business email compromise (BEC) protection with Sophos Email, phishing testing and training with Sophos Phish Threat, and several other products and services.

Visit Sophos.com to learn more and click here to read the report: Cyber Insurance 2022: Reality from the Infosec Frontline

Exit mobile version