The cyber insurance market is getting tougher and for many organizations it’s getting harder – and more expensive – to secure coverage.
Fortunately, good cybersecurity can facilitate cyber insurance in multiple ways: from making it easier to get coverage, to lowering premiums and removing barriers to pay outs if you need to make a claim.
The new Sophos Guide to Cyber Insurance provides an overview into the state of the cyber insurance market and explains the different ways that cybersecurity can positively impact your customers’ insurance. It also details the Sophos technologies and services that can help your customers reduce their premiums and lower their risk.
The realities of cyber insurance
Sophos recently commissioned an independent survey into cyber insurance take-up that polled 5,000 IT decision-makers in mid-sized organizations around the globe. 84% of respondents said their organizations had some form of cyber insurance, with energy, oil/gas, and utilities, and media, leisure, and entertainment most likely to have cyber insurance (88%)*.
Only 64% of organizations surveyed, however, had cyber insurance that covers ransomware, leaving one in five (20%) exposed to the full cost of a ransomware incident despite investing in cyber insurance*.
The public sector is least likely to have both cyber insurance (72%) and insurance against ransomware (52%). This is concerning, as public entities are a frequent target for cyber criminals as well as amongst the least able to defend against a ransomware attack.
The percentage of survey respondents saying they have cyber insurance is quite a bit higher than some other reports, likely due to our focus on mid-sized organizations (100 – 5,000 employees) which excludes smaller businesses. We also include those that have cyber insurance as part of a broader company insurance policy, as well as standalone policies.
The cyber insurance market
Cyber insurance has, until now, been a ‘soft’ market, characterized by high capacity and low premiums. However, the market is starting to harden, leading to higher premiums: the cost of standalone policies in the US climbed 28.6% in 2020**. It’s also getting harder for many organizations to get insurance in the first place as the underwriting process grows more and more rigorous and overall capacity drops.
“Our cyber insurance is up and we’re having to jump through more hoops than we’ve ever had to before.”
Good cybersecurity helps with cyber insurance
Having strong cyber defenses in place can help in a number of ways.
- Advanced protection is increasingly a requirement in order to get cyber coverage, with managed detection and response (MDR) services, endpoint or extended detection and response (EDR/XDR) technologies, and next-gen endpoint protection the most common requirements.
- Multi-factor authentication is also fast becoming a prerequisite for coverage, with insurers looking to ensure some of the most common security gaps are closed before they absorb the risk.
- Having advanced IT defenses helps reduce your customers’ cyber insurance costs. Customers consistently say that the quality of their protection impacts their premiums.
- Good cybersecurity can also help keep premiums down in the long term: by minimizing your customers’ risk of being impacted by a cyberattack they reduce the likelihood that they’ll need to call on their policy – and keep their policy renewal costs down.
- If your customers experience a cyber attack and their insurer believes that they ‘left the door open’ through weak practices, they may have grounds not to pay out. This is another area where Extended Detection and Response (XDR) technology can help. It enables your customers to identify IT hygiene gaps such as out-of-date software, so they can address them and ensure that, should the worst happen, the insurance company will step in.
- And finally, responding quickly and appropriately to a cyberattack can significantly reduce the impact and cost of the incident.
How Sophos can help
We offer a wide range of products and services that can help your customers qualify for insurance, keep premiums down, and reduce the risk of making a claim. Plus, if the worst happens and they experience an incident, our Rapid Response Team will work with their insurer to minimize the impact. For more information read the Sophos Guide to Cybersecurity or speak with your Sophos representative.
Generate demand for your business
Make the most of Sophos partner marketing resources to run a successful partner marketing campaign to educate your audiences and generate demand for your business. The ready-to-run campaign kit includes the pdf report, a complete PowerPoint deck, and co-brandable email templates.
* The State of Ransomware 2021, Sophos
** S&P Global, June 1, 2021