Cyber Insurance Continues to Skyrocket—Do You Have a Security Strategy in Place?
Cyber Insurance Continues to Skyrocket—Do You Have a Documentable Security Strategy in Place to Show You’re Prepared?
Cyber risk is a growing critical concern for organizations of all sizes and public entities globally, as we continue to rely on information technology and digital devices. But in the wake of steadily rising digital threats, cyber insurance is getting increasingly expensive—and difficult—for companies to procure.
Aunalytics is a data platform company. We deliver insights as a service to answer your most important IT and business questions.
Ransomware Attacks Pose An Increasing Threat to Businesses of All Sizes: The State of Ransomware 2022
Cyberattacks are a constant threat to organizations of all sizes. To better understand the current attack environment and track how ransomware trends have changed over time, Sophos commissioned an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations across 31 countries. This survey was conducted in January and early February 2022. The results highlighted the increasing threat that ransomware poses, and the increased role cyber insurance is playing in driving organizations to improve their cyber defenses.
Cyberattacks are up from last year
Ransomware attacks have increased significantly over the past year—66% of organizations surveyed were hit by an attack in 2021, up 78% from the previous year. This is due in part to the ease with which bad actors are able to deploy attacks. The Ransomware-as-a-service model has reduced the skill level needed to attack.
Not only are attacks more prevalent, but the attacks themselves are becoming more successful and more complex. In 2021, 65% of attacks resulted in data being encrypted, up from 54% in 2020. Fifty-nine percent of organizations who experienced cyberattacks saw the complexity of the attacks increase, while 57% saw an increase in the volume of cyberattacks overall.
Data recovery rates are improving
Despite the increase in attacks within the past year, there is some good news. Almost every organization surveyed (99%) was able to get some encrypted data back—up from 96% in 2020. The top method used to restore data was backups, which were used by 73% of organizations whose data was encrypted in an attack. In addition to backups, a large portion—forty-six percent—paid a ransom to have their data restored.
Unfortunately, while paying a ransom typically allows organizations to get some data back, it is less effective than in years past at restoring data. On average, organizations that paid a ransom only got back 61% of their data, down from 65% the previous year, while only 4% of those that paid the ransom got ALL their data back in 2021, down from 8% in 2020. This highlights the importance of employing multiple methods to restore data—utilizing backups in particular can improve the speed of recovery and increase the amount of data that can be recovered.
Ransom payments have increased
Not only are ransoms less effective at restoring data than in previous years, but the amount of the payments themselves has increased considerably. Between 2020 and 2021 there was a threefold increase in the proportion of victims paying ransoms totaling US$1 million or more. The percentage paying the lowest ransom amounts decreased over that same time—from one in three (34%) to one in five (21%).
The average ransom payout increased 4.8X from 2020 data, from an average of US$170K to US$812,360 in 2021. However, the average ransom amount varies greatly across industries, with manufacturing and utilities coming in at the top of this survey with an average of US$2.04M and US$2.03M, respectively, while healthcare and local/state government had the lowest average ransom payments at US$197K and US$214K, respectively.
Ransomware greatly impacts companies, both economically and operationally
Even when some or all data can be restored after a cyberattack, the costs of lost productivity or the inability to operate at all can be substantial. Of those hit by ransomware last year, 90% said their most significant attack impacted their ability to operate, while 86% said it caused them to lose business and/or revenue. The average cost to remediate an attack in 2021 was US$1.4M, which, thankfully, was down from US$1.85M in 2020. This was due in part to cyber insurance providers being better able to guide victims through an effective response more rapidly.
Although there have been improvements in total recovery time over the years, it still took, on average, one month for organizations to fully recover from the most significant attacks. Those in higher education and central/federal government had the slowest average response times, at around 2-5 months, while manufacturing and financial services were the quickest, with the majority being able to recover in one month or less.
Despite the huge economic costs of ransomware attacks, many organizations are putting their faith in defenses that don’t actually prevent ransomware and only mitigate its effects more quickly. Seventy-two percent of organizations in the survey who weren’t hit by ransomware in the past year and didn’t expect to be hit in the future cited backups and cyber insurance as reasons why they don’t anticipate an attack. Neither of these elements actually prevents attacks in the first place.
Simply having security resources in place does not necessarily mean that they are effective. Of those surveyed who were hit by ransomware in the last year, 64% said they had more cybersecurity budget than they need, and 24% said they had the right amount of budget. Many of these organizations also said they had more headcount or the right amount of headcount (65% and 23%, respectively). This reveals that despite having ample resources—both personnel and technology—organizations will not achieve a high return on investment without a combination of the right technology and expertise to use the technology effectively.
Cyber insurance drives changes to cyber defenses
Thankfully, organizations do not have to shoulder the burden of ransomware costs all on their own. The survey found that four in five mid-sized organizations had insurance against ransomware attacks. However, 34% said there were exclusions/exceptions in their policies. Organizations that had previously been hit by ransomware attacks were much more likely to have cyber insurance coverage against ransomware. However, many respondents indicated that securing coverage has changed in the past year, or gotten more difficult:
- 54% said the level of cybersecurity they need to qualify is now higher
- 47% said policies are now more complex
- 40% said fewer companies offer cyber insurance
- 37% said the process takes longer
- 34% said it is more expensive
As a result, 97% of organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position. 64% have implemented new technologies/services, 56% have increased staff training/education activities, and 52% have changed processes/behaviors.
Conclusion
The survey has revealed that ransomware continues to be an imminent threat for organizations of all sizes across industries. For many, choosing an experienced partner with expertise in cybersecurity not only improves their chances of getting approved for the right amount of cyber insurance coverage, but can ensure that they see a higher return on investment and improved ability to prevent and mitigate attacks in the future.
Lowering Cybersecurity Insurance Premiums with Managed Security Services
Midmarket organizations face the threat of cyberattacks that put every organization at great risk. As a result, a greater number of IT professionals are turning to managed security services to lower cybersecurity insurance premiums.
eBook: What Mid-Market Companies Need for Data-Driven Success and How to Get It
What Mid-Market Companies Need for Data-Driven Success and How to Get It
Using your data as an asset to drive competitive business growth and achieve cost cutting operational efficiencies is imperative for a company to compete, survive, and thrive. Increasingly, data and analytics have become a primary driver of business strategy and the potential of data-driven business strategies is greater today than ever.
Insurance Company Discovers Solution to Data Management Challenges with Aunsight Golden Record
A major global insurance company was creating a new customer-facing portal and needed a data management solution to deliver synchronization of data updates from the portal to its backend insurance policy and analytical systems. Customers would start using the web portal to update information, such as contact information, and the insurance company desired a solution to automatically communicate the data entries and changes to other company systems. The goal was for the most up-to-date customer data to be available for use in the line-of-business applications across the company and to ensure that data would remain consistent across ten separate systems for over two million customers across the globe.
The insurance company initially selected a cloud-native data management solution provided by a company in Silicon Valley. They began a proof-of-concept project. However, the solution did not perform as planned. Despite being promoted as an out-of-the-box master data management solution, the product required users to write “glue code” to map and connect data sources to the platform. The insurance team soon realized that they would also be responsible for maintaining the glue code and connectors—the solution did not do this. They calculated that they would need to hire at least one more full-time employee to do this work.
Further, the platform was built for a technical audience and was not intuitive to use. It required more training than originally thought. And because it was built for a highly technical audience, it limited who from the insurance company team would be skilled enough to use it. The technical skills required to use the platform meant that the burden would be on the IT department to fix data errors reported by business users, and respond to data query requests from the business, in addition to having to build and maintain connectors to data sources and govern and secure the data. This workflow would not be sustainable long-term.
Unsatisfied with the Silicon Valley solution, the global insurance company launched a second proof-of-concept project to try Aunsight™ Golden Record. Instead of merely integrating the data sources, the Aunsight Golden Record platform cleansed data, eliminated duplicate records, and used ELT/ETL and other techniques to normalize data from the different data sources into a single automatically generated schema. To learn how Aunsight Golden Record resolved this company’s data management challenges, download the full insurance use case.