Demand for cyber insurance increases as attacks get more sophisticated

A new report shows that as the severity and sophistication of cyberattacks has increased along with the financial consequences, many companies have been prompted to invest in or review their cybersecurity insurance.

The study of over 600 IT security professionals, conducted by the Ponemon Institute for Recast Software, shows 41 percent say their organization has experienced an increase in the number of cybersecurity incidents in 2023, 61 percent say the total cost of these attacks had averaged $21 million, and 75 percent say their cybersecurity exposure would increase or at best stay the same in the coming year.

The requirements of insurers do have a positive impact on security policy, 49 percent of respondents say that following the purchase of cybersecurity insurance their security posture had improved greatly or significantly. However, 48 percent say they have changed insurance companies due to policy cancellation (25 percent), cost (21 percent), or finding a company that offered better coverage and pricing (18 percent).

Half of respondents say it's difficult or very difficult to comply with insurer's demands though. 51 percent of respondents say their insurance company requires regular scanning for vulnerabilities that need to be patched. 55 percent of respondents say they are required to have certain security practices and technologies in place. Adequate staff to support cybersecurity programs and policies (49 percent) and multi-factor authentication (48 percent) are the top practices and tech required.

Top factors to determine adequate insurance coverage are the maximum available from the insurance market (35 percent) and an informal or ad hoc risk of assessments (31 percent). Only 27 percent say they do a formal risk assessment by in-house staff and only 25 percent say their insurer or broker conducted a formal assessment. 65 percent of respondents are purchasing policies of a minimum of $6 million to more than $100 million cover.

"The goal of this study is to help IT and security leaders assess their cyber insurance needs as well as the limitations and value of these policies," says Will Teevan, CEO of Recast Software. "We know from talking to our customers that they are more concerned than ever about the scale and cost of cyber attacks. We think this research will guide their decision-making in terms of adding or expanding insurance coverage to account for these challenges."

You can get the full report from the Recast site.

Image Credit: FuzzBones/Shutterstock