Claims on cyber insurance have dropped by more than a third between 2022 and 2024, despite more organizations than ever having this type of cover.
This was revealed in Databarracks’ Data Health Check – an annual survey of 500 UK IT decision-makers.
Two-thirds (66%) of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years. However, as more organisations take out policies, 36% made a claim this year, falling from 58% in 2022.
According to Jammes Watts, MD of Databarracks, these findings are likely linked to an increasing number of ransomware recoveries. In previous years, most organizations chose to pay out in the event of an attack.
This drastically changed in 2024, when twice as many entities were able to recover from backups rather than meeting the demands of ransomware groups.
The amount businesses claim has also decreased, with claims over £1 million decreasing from 48% to just 16% in 2024.
Says Watts: “We have long speculated about the negative effect of cyber insurance policies on ransomware. Organizations were incentivized to pay ransoms instead of refusing, leading to a vicious cycle of payments. The nascent cyber insurance market suddenly became unsustainable.”
However, he says things have changed. “As our Data Health Check found last year, cyber insurance prices increased significantly, and the requirements to obtain coverage became stricter. The result was that the bar of preparedness was raised.”
According to him, this change has had a fantastic impact on business resilience. “Insurers now ask important questions like: are backups separate and air-gapped from production data, are they encrypted, do you have a Business Continuity Plan, and have you tested your recovery?”
In previous years, says Watts, more companies would pony up the ransom than recover themselves. “This year, we can see a dramatic shift, with organizations now twice as likely to recover from backups rather than pay a ransom.”
He says that while paying may seem like the path of least resistance, this is rarely the case, and there’s no guarantee that the business will get its data back. Choosing to pay also cements its reputation as a soft target.
As more organizations take out insurance specifically for cyber incidents, there are two positive outcomes, Watts Explains. Firstly, it ensures that businesses are financially protected in the event of an attack. Secondly, it encourages organizations to meet industry standards for resilience. As insurers become increasingly strict about their requirements, the importance of thoroughly tested business continuity plans and immutable, air-gapped backups is reinforced.
“This is the influence we hope insurance can have on the cyber landscape. Legislating and banning all payments is problematic for several reasons, so one of the few factors that could disrupt ransomware growth is this industry shift,” he adds.
The effectiveness of decryption tools can’t be guaranteed, so there are only two viable options. Pay the ransom or recover from backups.
“All organizations must have the means and confidence to recover quickly, inexpensively, and with minimal impact to operations,” Watts concludes.
Read the highlights from the Data Health Check 2024 here.
Download the full DHC report here.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.