When the concept of cyber insurance was first introduced, it seemed like a shakedown and another way for insurers to take an organization’s money. But today, according to Sophos’ Cyber Insurance 2022: Reality from the Infosec Frontline report, cyber insurance policies are now held by 94% of organizations.
So, what’s driving this adoption of cyber insurance?
Much of the adoption lies in organizations experiencing an attack and realizing they need insurance to cover what their own cybersecurity stance doesn’t. According to the report:
- 57% of respondents experienced an increase in the volume of cyberattacks on their organization
- 59% saw the complexity of these attacks increase
- 53% said the impact of these attacks had also increased
- 89% of those hit by ransomware have cyber insurance against ransomware
And it’s getting more challenging to obtain cyber insurance as insurers evolve their minimum cybersecurity standards. According to the report:
- 94% of those with cyber insurance said the process for securing coverage had changed over the last year
- 54% say the level of cybersecurity they need to qualify for insurance is now higher
- 47% say policies are now more complex
- 40% say fewer companies offer cyber insurance
- 37% say the process takes longer
And even if you get a policy, there’s no guarantee the attack scenario you encounter is covered, as many organizations have needed to go to court over being paid out based on their policy.
So, the best plan is to have as secure an environment as possible – including securing your users with continual Security Awareness Training to minimize the threat of email- and web-based social engineering attacks designed to give attackers entrance into the organization’s network.
Information used in this article was provided by our partners at KnowBe4.