Businesses are finally improving their cybersecurity stances, just not necessarily for the right reasons, new research from Sophos has found.
With cyber threats becoming increasingly prevalent amid global geopolitical tensions, Sophos claims many companies are looking to up their protection in order to get better insurance premiums, indicating that they’re very much worried about the present and not the future.
However, it’s not a bad thing, because according to its ‘Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders’ report, 97% of organizations with cyber insurance have invested in improving their defenses.
Companies are only investing in cybersecurity for better insurance
Of the 97% that increased investment, three-quarters (76%) did so to qualify for coverage. Two-thirds (67%) said that they’d invested in order to obtain better insurance pricing, with one-third (30%) citing improved policy terms as a result.
Despite the positive trend, recovery costs from cyberattacks continue to surpass insurance coverage. A worrying 1% of claimants reported that their insurer covered all remediation costs; the shortfall arose primarily because the expenses exceeded policy limits.
A separate Sophos report claims that recovery costs relating to ransomware attacks have surged by 50% in the past year, now averaging $2.73 million.
Speaking about businesses’ reactions to insurance policies, Chester Wisniewski, director, global Field CTO, commented: “It’s making a difference, and it’s having a broader, more positive impact on companies overall. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy.”
Wisniewski added: “Companies still need to work on hardening their defenses.”
However, businesses’ reactive approaches to cyber insurance aren’t improving cybersecurity overall. Only 54% of UK organizations have standalone cyber insurance policies.
Besides covering the benefits of improved cybersecurity, Sophos’s study also highlights some of the attractions of cyber insurance, such as improved protection, freed IT resources and fewer alerts.