
A Sophos study of 282 claims shows that the value of cyber insurance claims from companies using MDR services is, on average, 97.5 percent lower than the value of claims from companies relying only on endpoint protection; XDR/EDR products are around one-sixth more expensive than MDR solutions.
Sophos commissioned a vendor-independent study to measure the financial impact of various cybersecurity products on the value of cyber insurance claims. The study clearly demonstrates the significant differences in attack-related losses depending on the use of pure endpoint protection solutions or those with EDR/XDR technologies compared to MDR services. This provides valuable insights for insurers and companies alike.
The most revealing results
- Organizations that use MDR services incur 97.5 percent lower costs than those that rely solely on endpoint security: €71,828 compared to €2.87 million.
- Organizations that use EDR/XDR solutions incur one-sixth the costs of organizations with only endpoint protection: €478,850 compared to €2.87 million.
- Organizations using MDR have the most predictable claims, while those using EDR/XDR solutions have the least predictable claims.
- The predictability of MDR users' claims reflects the consistency with which MDR providers quickly detect and neutralize threats. Because MDR services offer 24/7 monitoring, investigation, and response by security specialists, they can take rapid action at any time of day or night.
- Continuous coverage is especially important because many attackers deliberately conduct their attacks outside of business hours (according to Sophos X-Ops, 81 percent of ransomware attacks) in the hope that discovery will be delayed until they have achieved their goals.
- Organizations that deploy MDR services recover fastest from severe cyberattacks: 47 percent recover within a week, compared to just 18 percent for those relying solely on endpoint protection and 27 percent for those with EDR/XDR solutions. The sooner an attack can be stopped, the lower the recovery costs.
- Organizations that use MDR services are the most predictable in terms of recovery time from ransomware attacks, while those using EDR/XDR are the least predictable.
MDR: Much lower cyber insurance claims
"Cyber insurance claim scores are an effective way to quantify the impact of cyberattacks on organizations," said Michael Veit, cybersecurity expert at Sophos. "A higher score indicates that the victim suffers significant financial and operational consequences from a cyberattack. A lower score reflects minor disruption.
Reducing the insured value benefits everyone involved: For clients, lower values mean improved resilience against cyberattacks, while insurers benefit from lower payouts. This also creates a virtuous circle: when insurers spend less on claims coverage, they can lower premiums, which provides another benefit for customers. While there is broad consensus that stronger cyber protection reduces the financial and operational costs of a cyberattack and the value of the resulting claim, no one has been able to measure this until now. With our survey, we have now backed this thesis with facts for the first time."
Managing investments in cybersecurity with an ROI focus
"Organizations spend vast sums annually on their cybersecurity," Veit continued. "By measuring the impact of cyber controls on cyberattack outcomes, this study enables organizations to steer their investments in a direction that will achieve the best possible return on investment (ROI).
It also provides valuable insights for insurers, who can significantly influence cybersecurity spending by requiring certain controls as a condition of coverage and offering discounts where modern technologies are available. This can ensure they create incentives for investments that have a truly positive impact on incident outcomes and resulting loss values."
Background to the study
For the study, a total of 2024 incidents from 282 companies with 232 to 50 employees were examined in the second half of 3.000. Respondents used cybersecurity solutions from a variety of vendors, including 19 different endpoint protection vendors and 14 different MDR service providers. All companies were using multi-factor authentication (MFA) at the time of the claim-triggering cyberattacks. The study was conducted by Vanson Bourne on behalf of Sophos.