In a survey of 5,000 IT and cybersecurity leaders, cybersecurity firm Sophos found that 97% of companies with a cyber insurance policy had invested in improving their defenses in order to help with insurance. More than three-fourths of respondents said these investments enabled their organization to qualify for coverage, 67% got better pricing and 30% secured more beneficial policy terms.
The survey also found that recovery costs are significantly outpacing insurance coverage. Respondents reported that insurers typically paid 63% of the total incident costs. The most common reason carriers did not fully reimburse costs was that the total bill exceeded policy limits.
“In the face of inevitable cyberattacks, adopting a holistic approach to cyber risk management that takes advantage of the interplay between cyber defenses and cyber insurance will enable organizations to lower their overall total cost of ownership of cyber risk management while reducing their likelihood of experiencing a major incident,” the report noted.