Sophos has published a new guide on cyber insurance with useful tips on what companies should pay attention to. Cyber insurance is like any other insurance: at first it hurts because it costs money, but when damage occurs, you are glad to have it.
But what exactly can be covered by cyber insurance, and which rules apply? How can companies keep the sum insured low despite high coverage? And which coverage amount is the right one? The crux of the matter is that many variables are involved in cyber insurance. Sophos has compiled decision-making aids for companies in the white paper "Sophos Guide to Cyber Insurance".
Not everything is automatically covered
The range of services offered by insurers is large, and the right ones need to be chosen with care. Cover is available for, among other things, forensic analysis, ransom demands and ransom negotiation, the costs of regaining access to IT systems and restoring data, legal costs, the costs of publicity measures, and the costs of notifying customers and/or authorities. In reality, companies often do not protect themselves against the greatest threat: ransomware. For example, a Sophos study of 5,000 IT decision-makers in medium-sized companies showed that although 84 percent of companies have cyber insurance protection, only 64 percent are protected against the consequences of ransomware.
Cyber insurance costs are variable
Most companies are aware of the risk posed by cyber threats. The biggest drivers of the decision to invest in cyber insurance are media coverage or, in the worst case, being personally affected. How much a company has to pay in insurance premiums also depends on its existing IT security. Although demographic data, the insurer's risk assessment and the company's history play a decisive role in calculating the sum insured, the company can have a significant positive influence on this through its own level of IT security. If the risk for the insurer decreases, the insurance premiums also decrease.
Ransomware attack costs an average of 1.59 million euros
By contrast, the costs incurred in the event of a cyber attack can hardly be influenced. Last year, the average cleanup cost of a ransomware attack was €1.59 million, more than double the previous year (€650,000).
Cyber insurance: Recommended with preparation and comparative research
The loss ratio of the insurance industry increased three years in a row and amounted to 72.8 percent in 2020. As a result, the sums insured are sometimes set lower and the insurance premiums higher. At the same time, the administrative burden for companies is increasing because they have to continuously prove their protection mechanisms. This hardening of the market is due to several factors, which are also outlined in the white paper.
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our own worldwide network of analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.