All About Cyber Insurance

Posted on 6 February 20256 February 2025

This week we’re looking at cyber insurance.

Why is it important to consider cyber insurance?

Cyber risk is inevitable. No business with internet-connected devices can eliminate cyber risk entirely; rather it’s a question of how to manage it.

Two of the primary approaches to cyber risk management are:

treat the risk by deploying cyber controls and changing user behaviour
transfer the risk through obtaining cyber insurance.

Treatment and transfer of risk are complementary elements of a balanced cyber risk management program.

In the face of inevitable cyberattacks, adopting a holistic approach to cyber risk management that takes advantage of the interplay between cyber defences and cyber insurance will enable organisations to lower their overall total cost of ownership (TCO) of cyber risk management while reducing their likelihood of experiencing a major incident.

Adoption of cyber insurance is widespread

Our partners Sophos have conducted a worldwide survey regarding cyber insurance. The survey confirms that adoption of cyber insurance is widespread among organisations with 100-5,000 employees, with 90% of organisations having some form of cyber coverage – 50% have a standalone policy while 40% have cyber as part of a wider business insurance policy, such as a general liability policy.

Organisations adopt cyber insurance for various reasons (see below), with nearly half (48%) citing awareness of the business impact of cyberattacks as the primary motivator and 45% reported it was part of their cyber risk mitigation strategy and 42% said that they need cyber insurance to work with clients or partners who require it.

Investing in cyber defences to optimise insurance position is common practice – and its working

97% of organisations that purchased cyber insurance last year improved their defences to optimise their insurance position. Nearly two-thirds (63%) made major investments, while 34% made minor ones.

These security investments are paying off, as the survey found that nearly every company that invested in improving their cyber defences said it had a positive impact on their cyber insurance position (99.6%, 4,351 of 4,370 respondents).

Cyber insurance requirements are driving organisations to improve their defences, with 76% of respondents saying their investments secured coverage they couldn’t otherwise obtain if they hadn’t. Two-thirds (67%) were also able to get better-priced coverage, and 30% received improved terms thanks to their improved protection (e.g., higher coverage limits).

Furthermore, organisations investing in security enjoyed benefits beyond just insurance. 99% reported wider benefits such as improved protection and fewer alerts.

What should we do now?

Firstly, review the cybersecurity systems you have in place and identify any gaps. Then, if you are happy with the cybersecurity procedures you have in place, get in touch with your insurer.

If you find any gaps in your defence systems, please get in touch with your Account Manager who can advise on the best way to close these gaps and enhance your IT security.

Posted in NewsTagged Cybersecurity

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.