Dive Brief:

• Most cyber insurance policies do not fully cover the costs of a breach after a claim is filed, according to survey results published by Sophos, a U.K.-based cybersecurity firm.
• Only 1% of organizations that made a cyber insurance claim during the previous year saw their policy cover 100% of the costs they incurred while remediating the incident, according to a report on the findings, released Wednesday. Sophos polled 5,000 technology and cybersecurity leaders worldwide between January and February.   
• “With the average cost to remediate a ransomware attack now $2.73 million, organizations should ensure that their policy provides sufficient coverage should they experience a major incident,” the report said.

Dive Insight:

A record number of U.S. and Canadian companies faced a “cyber extortion” event last year, with unprecedented ransom demands, according to a report published this month by insurance broker Marsh. A total of 282 extortion events were reported to Marsh in 2023, an increase of 64% compared with 2022.

Although representing only 17% of all cyber claims filed, ransomware remained a top concern for organizations given their increased frequency, sophistication, and potential severity, Marsh reported.

With ransomware attacks, criminals use malicious software to prevent companies from accessing their own computer files, systems or networks, and they demand ransom payments to have such access restored. Such attacks can also involve threats to leak sensitive data to the public internet.

As cyber criminals have grown bolder in their requests, an increasing number of companies have refused to pay, Marsh found. Seventy-seven percent of Marsh’s clients targeted for cyber extortion last year refused to pay a ransom, compared with 37% in 2021.

Still, such attacks can involve huge costs even where no ransom is paid, according to Meredith Schnur, Marsh’s U.S. and Canada cyber brokerage leader.

Companies responding to a ransomware event can end up having to work with a number of third-party service providers, such as a ransom negotiator, Schnur said in an interview. “In addition, if there needs to be a reconstruction of data [that was compromised in the breach], that can get costly as well,” she said.

Recovery costs following a ransomware incident increased by 50% over the last year, reaching $2.73 million on average, according to Sophos. The research found widespread use of cyber insurance among organizations looking to minimize the potential financial risks they might face in the event of a major breach.

Ninety percent of companies with 100-5,000 employees reported having some form of cyber coverage. Half had a standalone policy while 40% had a cyber policy as part of a wider business insurance package, such as a general liability plan.

The vast majority (97%) of companies with a cyber policy invested in improving their defenses to help with insurance, with 67% saying this allowed them to get better pricing. Another 30% said such steps enabled them to secure improved policy terms.

Reasons cited for cyber insurance not fully covering breach-related expenses included:

• The total costs exceeded the policy limit (63%).
• The costs were incurred without the insurer’s permission (58%).
• Some costs/losses weren’t covered by the insurance policy (45%).
• The organization didn’t have the required cyber defenses for the claim to be honored (14%).

“Cyber insurance is an investment, and organizations should be sure that their policy provides the coverage they need in the event of a major incident,” the report said. “All stakeholders, including the IT/cybersecurity teams that will be at the frontline if an incident occurs, should be involved in the insurance policy decisions to ensure that any investment meets the organization’s needs.”