A surge in cyber threats has led to a heightened interest in cybersecurity insurance. Nearly half of the organizations surveyed in a recent study conducted by Recast Software and the Ponemon Institute have noticed a significant improvement in their cybersecurity posture after purchasing insurance. 

However, 48% have switched insurance providers due to various reasons, including policy cancellation, cost, and the search for better coverage. The demand for cybersecurity insurance is evident, with 65% of organizations opting for premiums ranging from $6 million to over $100 million. The process of determining adequate coverage varies, with most relying on market maximums and informal risk assessments.

The study, performed in the Fall of 2023, highlights an alarming increase in the number and sophistication of cyberattacks. Among the 631 IT and security professionals surveyed, 41% reported an uptick in cybersecurity incidents in their organizations during 2023. Additionally, the financial impact of these attacks is substantial, with the average cost hitting around $21 million. 

Despite these challenges, less than half of the respondents (49%) feel that their security measures are highly effective, attributing their inadequacy to outdated security technologies and complex IT environments.

The types of incidents most commonly covered by cybersecurity insurance include external attacks like ransomware, insider threats, and incidents involving third parties. When evaluating the effectiveness of their cybersecurity insurance, 43% of respondents believe their coverage is adequate, considering various factors like terms, exclusions, and carrier reliability. However, satisfaction levels vary, with only 46% expressing high satisfaction with their insurer’s response to claims. On average, insurance covers about 46% of the losses incurred from cybersecurity incidents.

Obtaining cybersecurity insurance is not without challenges. Half of the surveyed organizations find it difficult to comply with the insurers’ requirements. These prerequisites often include regular vulnerability scanning and implementation of specific security practices and technologies. Over half of the respondents report that insurers mandate regular scans for vulnerabilities, while 55% are required to have certain security technologies and practices in place, such as multi-factor authentication and adequate cybersecurity staffing.

“The goal of this study is to help IT and security leaders assess their cyber insurance needs as well as the limitations and value of these policies,” said Will Teevan, CEO of Recast Software. “We know from talking to our customers that they are more concerned than ever about the scale and cost of cyber attacks. We think this research will guide their decision-making in terms of adding or expanding insurance coverage to account for these challenges.