The Critical Role of Frontline Cyber Defenses in Insurance Adoption

Cybersecurity, cyber insurance, and ransomware are closely connected, with both security and insurance providers focused on reducing the business impact of ransomware, one of the biggest threats facing organizations today.

To understand the reality of this three-way relationship in 2023, Sophos has conducted new research into cyber insurance adoption, the role of cyber defenses in securing a policy, and how insurance coverage impacts response to ransomware incidents.

Our survey of 3,000 cybersecurity/IT professionals conducted in January and February 2023 across 14 countries reveals that:

• 91% of organizations have some form of cyber insurance coverage, with standalone policies slightly more popular than including cyber in a broader business policy
• Cyber insurance adoption increases with revenue, with the highest revenue organizations reporting the highest propensity to have cyber coverage
• 95% of organizations with cyber coverage say that the quality of their cyber defenses directly impacted their insurance position, including their ability to get a policy, the cost of their coverage, and the terms of their policy
• Organizations with cyber insurance are better able to recover data after a ransomware incident, with almost all ransomware victims that have insurance getting their data back
• Organizations with standalone cyber insurance policies and that had data encrypted in a ransomware attack are almost four times more likely to pay the ransom to recover their data than those without cyber coverage