Cyber insurance is a critical safety net against the consequences of cybercrime. It doesn't prevent cybercrime but mitigates its impacts, providing comprehensive support and easing an organization’s financial liability when incidents do occur.

About cyber insurance

Cyber insurance, also known as cyber risk insurance or cyber liability insurance, offers a critical safety net against the consequences of cybercrime. It doesn't prevent cybercrime but mitigates its impacts, providing comprehensive support and easing an organization’s financial liability when incidents do occur. Cyber insurance and cybersecurity technologies and best practices are complementary approaches to reducing cyber risk for organizations.

Here we share some common examples of controls and coverages, that organizations should consider. Speak with your insurance provider to explore underwriting specifics related to your organization and industry.

What are the main benefits of cyber insurance?

There are many advantages of having cyber insurance, ranging from financial liability minimization to operational restoration and support following an event.

  • Financial protection. Cyber insurance covers various costs that arise due to cyber incidents, reducing the overall financial impact of an incident or breach on the business.
  • Adherence to commercial requirements. Many businesses now require their partners to have cyber insurance, making it a commercial necessity.
  • Operational support. In the event of a cyber incident, insured entities have immediate access to a team of experts, including IT forensics specialists, privacy lawyers, and public relations professionals.
  • Peace of mind. Having cyber insurance reassures customers, partners, suppliers, and employees of an organization’s preparedness for averting or withstanding a cyberattack.

What does cyber insurance typically cover?

Below are common examples of coverages, but you should speak to your carrier for policy specifics.

  • Business interruption. Covers income loss and operational costs associated with a cyber event
  • Data loss or damage. Compensates for losses incurred when data in IT systems and networks is lost, damaged, or stolen as a consequence of a breach
  • Forensic analysis. Funds investigations to determine the source of the attack
  • Ransom demands. Covers ransom payments and the cost of specialists for ransom negotiation
  • Data restoration. Financially and operationally supports efforts to regain access to or restore data from backups or other sources
  • Legal fees. Pays for legal support related to cyber incidents
  • Public relations. Provides services to manage any public impact and company reputation issues created by a cyber event
  • Client and regulatory notifications. Covers the costs of notifying affected clients and regulatory bodies
  • Credit monitoring. Offers credit monitoring services for individuals impacted by a breach, such as the business’s customers

How can I expect my insurer to respond if my company experiences a ransomware attack?

Cyber insurance providers typically help you recover from an attack by doing the following:

  • Appointing negotiation consultants. These experts advise on negotiating and handling ransom demands.
  • Identifying cost-effective recovery solutions. Your insurer will help you determine the least expensive and/or most expedient method of restoring data, whether that involves paying the ransom or utilizing backups.
  • Providing expert support to resolve issues efficiently and effectively. These services often include rapid, 24/7 support from cyber specialists who assess your systems, identify the source of a breach, and suggest preventive measures for the future. Support can also include advice about legal and regulatory requirements for notifying your customers and other affected parties of a data breach.

What factors are driving cyber insurance adoption and claims?

Organizations adopt cyber insurance primarily due to the business impact of cyberattacks and cybercrime. It is often part of their cyber risk mitigation strategy. Cyber insurance is becoming a business necessity to mitigate supply chain attack risks, meet the demands of boards and senior management, and, often, ensure commercial partners have coverage.

In various sectors, many insurance purchases are driven by the need to meet client or business partner requirements. This need varies by industry. The energy, oil/gas, and utilities sectors, for example, are among the most critical, with stringent requirements for purchasing insurance. The significant impact of attacks on the energy/utilities sector, along with their tendency toward outdated technology challenges, increases the need for risk mitigation through increased coverage.

The most frequent triggers of cyber insurance claims, according to the NetDiligence Cyber Claims Study 2023, are the following:

  • Ransomware
  • Business email compromise (BEC)
  • Hacking
  • Monetary theft
  • Employee errors

What are the challenges with obtaining ransomware insurance?

Ransomware is one of the biggest cyberthreats businesses face today, with severe financial impacts on victims. The average ransom payment is now about $2M, and the overall recovery cost, excluding any ransom payment, is about $2.73M (source: The State of Ransomware 2024, Sophos). One in 10 organizations has invested in cyber insurance that does not cover many costs associated with a ransomware attack, such as ransom payments, breach notification, breach negotiations, and income loss.

Businesses are facing challenges getting cyber insurance due to requirements for improved cybersecurity practices and policy clauses that limit or exclude ransomware coverage in exchange for lower premiums.

  • Stricter qualification requirements. Organizations with past ransomware claims may struggle to get or renew insurance without improving their cyber defenses. Insurers are raising cybersecurity standards to reduce the risk of large payouts. Recent Sophos surveys show that increased cybersecurity measures are now essential for insurance eligibility.
  • Policy considerations and exclusions. Many policies include conditions or exclusions for ransomware, such as whether ransom payments are covered. Choosing not to include these coverages can lower your policy cost but will also reduce your financial protection if a ransomware attack does occur.

What are cyber controls?

Cyber insurance and cyber defenses are complementary approaches that go hand in hand to reduce cyber risk for organizations. Think of cyber controls as measures your organization takes to avoid, detect, counteract, or mitigate security risks to physical property, information, computer systems, and other assets. Controls can include technology-based defenses as well as business processes and user best practices that your organization establishes to protect the confidentiality, integrity, and availability of its data.

What cyber controls do cyber insurers generally require and what do those controls involve?

High levels of cyber control are commonly required by insurance providers as conditions of underwriting coverage that provides an essential safety net against the financial repercussions of cyber incidents. As digital threats grow more sophisticated, so do insurers’ cyber control requirements. Below are the types of cyber controls that insurance providers often mandate as a condition for coverage.

  • Endpoint detection and response (EDR). Provides robust protection for endpoints and workloads, effectively blocking potential cyberattacks. These systems are supported by around-the-clock threat-hunting experts who monitor IT environments and detect, investigate, and neutralize even the most advanced, human-led attacks.
  • Web security. Protects against harmful downloads and suspicious payloads delivered through web browsers. Administrators can warn users or block their access to websites based on category, block downloads of risky file types, and implement data leakage prevention measures on web-based email and file-sharing services. Enhanced security for cloud workload environments provides data security even when users access virtual desktops outside of traditional web gateways.
  • Privileged access management (PAM). Monitors and records all user activities, including authentication and changes to privilege settings. Provides comprehensive endpoint protection to prevent the theft of user credentials directly from device memory.
  • Cyber incident response planning. Includes proactive incident response capabilities that enable rapid and effective response to cyber events by experienced professionals.
  • Hardening techniques and Remote Desktop Protocol (RDP) mitigation. Identifies and remediates security gaps to strengthen the organizational cybersecurity posture. Provides control over RDP usage, enhancing visibility and management of RDP policies across all managed devices.
  • Logging and monitoring. Maintains extensive logs, storing up to 90 days of on-disk data and 30 days of data in secure data lakes, to enable thorough monitoring and analysis.
  • End-of-life systems management. Identifies outdated and unsupported software and systems to help ensure that they are replaced or securely protected.
  • Patch management and vulnerability management. Offers detailed insights into all applications on devices, including version information, SHA-256 encryption, and patch details. Executes queries to verify installed applications against online vulnerability databases and assess registry settings for security weaknesses.

What impact does cyber insurance have on cyber defense investments?

Cyber insurance drives significant spending on cyber defense investments. According to recent data, a large majority of organizations that purchased cyber insurance improved their defenses to optimize their insurance position. The requirement for better cybersecurity to qualify for insurance has encouraged businesses to enhance their protection, leading to overall improved security postures. This trend indicates that cyber insurance not only provides financial protection but also incentivizes organizations to invest in robust cybersecurity measures.

How do cyber defenses impact cyber insurance offers?

Better cyber defenses facilitate access to coverage and result in lower prices for cyber insurance. Organizations with strong cybersecurity measures are more likely to qualify for insurance and receive better terms, such as lower premiums and deductibles. Enhanced defenses also result in improved terms, such as higher coverage limits, which makes investing in cybersecurity a cost-effective strategy that benefits both insurance costs and overall security.

In a Sophos-commissioned cyber insurance report, more than half of IT professionals reported an increase in the level of cyber controls required by their insurance providers over the previous year. This trend underscores the growing emphasis on preventive measures in the cybersecurity insurance domain that aim to reduce the frequency and severity of claims. By implementing and maintaining these essential cyber controls, organizations can not only secure cyber insurance more effectively but also fortify their defenses against the evolving landscape of cyberthreats.

Related resources

Sophos cyber insurance resources

Cyber Insurance and Cyber Defenses 2024 report

Sophos guide to cyber insurance | A Sophos white paper (registration required)

What is endpoint security? | A Sophos "Cybersecurity Explained" article

Speak with a Sophos expert

Related security topic: What is endpoint security?

Catch up on More Cybersecurity News