Dive Brief:
- Companies with cyber insurance coverage are reducing risk and are more likely to detect, respond and recover from data breaches and malicious attacks, compared to organizations without coverage, according to two reports released this week.
- An At-Bay commissioned survey conducted by Omdia shows cyber insurance is helping to drive proactive security measures, mitigation strategies and targeted spending. More than 7 in 10 respondents said they view cyber coverage as important or critical to their company, and reported increased spending on proactive security solutions over the past 12 months.
- A separate report from Forrester showed 1 in 4 global companies with standalone cyber insurance coverage were able to detect and respond to incidents in seven days or less, compared with 19% of businesses with no coverage or 18% with cyber coverage bundled into another policy.
Dive Insight:
The reports highlight the important role insurance coverage plays in cyber mitigation efforts and risk reduction.
Companies view insurance coverage as an important factor in mitigating against data breaches, malicious attacks and maintaining business continuity.
“Companies with coverage fare better in detection, response and recovery,” Heidi Shey, principal analyst at Forrester, said via email.
Insurance companies often provide various resources, including incident response planning and tabletop exercises, to help prepare companies for an incident, Shey noted. They also often work with a panel of service providers, to help with investigations and recovery.
Nearly 1 in 4 of enterprise security decision makers said obtaining insurance over the next 12 months was a key strategic priority, Forrester research found. About 12% of global professionals said their organization purchased standalone cyber coverage to reduce overall business risk.
The February ransomware attack against Change Healthcare and the July IT outage impacting 8.5 million Microsoft Windows devices linked to a defective CrowdStrike software upgrade underscore the enormous financial and operational impact linked to IT security issues.
Insured losses in the CrowdStrike incident are expected to reach $1 billion and Fortune 500 companies could see direct impacts of $5.4 billion.
The Omdia report is based on a survey of more than 400 security decision makers across companies in the U.S., Canada, U.K., France and Germany.
Forrester’s research is based on responses from 573 business and technology professionals in 2024, while a separate survey is based on responses from 1,620 global security professionals in 2023.
Disclosure: Omdia and Cybersecurity Dive are both owned by Informa. Omdia has no influence over Cybersecurity Dive’s coverage
Source link