With the cybersecurity landscape getting more complex and challenging, businesses and organisations across the world are opting for a cyber insurance cover — either as part of an overall insurance policy or a standalone policy.
India, which tops the global average in weekly cyber attacks, is also emerging as a leading buyer of cyber covers. India is ranked sixth among the top 14 countries taking adequate cover for cyber breaches, according to a recent survey. South Africa leads the list with 98 per cent of organisations taking a cyber insurance cover, followed by Singapore with 97 per cent, and Austria and the US with 94 per cent each.
Before going in for a policy, companies are expected to put in the needed safeguards to tackle cyber challenges. The survey, by cybersecurity solutions company Sophos, covered 3,000 respondents across 14 countries, including 300 from India, to understand the relationship between cybersecurity, cyber insurance, and ransomware.
“They are closely connected, with both security and insurance providers focused on reducing the business impact of ransomware, one of the biggest threats facing organisations today,” Sally Adam, Senior Director (Marketing) at Sophos, said in the report ‘The Critical Role of Frontline Cyber Defenses in Cyber Insurance Adoption’.
The respondent organisations had employees numbering 100 to 5,000. The research was conducted in January and February 2023, and reflects the organisations’ experience of ransomware and cyber insurance in the previous 12 months.
“About 81 per cent of those hit by ransomware in the previous year, and paid the ransom, reported that the quality of their defences impacted their ability to get coverage — a 35 per cent increase over the average,” she said.
Organisations with cyber insurance are more likely to be able to recover data following a ransomware incident than those without coverage.
Conversely, only 84 per cent of organisations without cyber coverage reported that they could recover data.
What led to strengthening cyber defence
The strong cyber controls required to secure a policy put organisations in a better position to recover data. This includes putting in place secure backups and an incident response plan.
The study also showed that ransomware victims with standalone cyber insurance policies are almost four times more likely to pay the ransom to recover encrypted data than those without cyber coverage.
About 58 per cent of organisations with a standalone cyber insurance policy, and which had data encrypted in a ransomware attack last year, paid the ransom to get their data back. In comparison, only 36 per cent of those with cyber insurance as part of a broader insurance policy paid the ransom and this was 15 per cent for those without cyber insurance.
About 91 per cent of organisations have some form of cyber insurance coverage, with standalone policies slightly more popular than including cyber in a broader business policy.
The study also found that cyber insurance adoption increases with revenue, with organisations with high revenues reporting the highest propensity to have cyber coverage.
Overall, about 47 per cent of the organisations said they have a standalone cyber insurance, while 43 per cent said they have a cyber insurance cover as part of a wider business policy. About 8 per cent don’t have cyber insurance but plan to get coverage in the next year.
Among the verticals, the education (both higher and lower) sector reported the highest overall level of cyber insurance coverage (96 per cent), followed by financial services — which is most likely to have a standalone cyber policy (59 per cent), and retail (56 per cent). Interestingly, IT, telecom and technology verticals have a low coverage of 35 per cent.