A new report highlights the direct connection between how strong your organization’s security stance is and how easy it is to obtain cyber insurance.
Like any insurance policy, the insurer has figured out the indicators of risk and includes a form of assessment when considering issuing you a policy. When you want to obtain car insurance, they ask about your driving record, where you live, and even what your credit score is – all to determine how much of a risk you are. And after all that, they come up with an appropriate rate and offer you a policy… or decline offering a policy at all.
It's the same with cyber insurance – except the risk is found in a mix of your industry vertical, what country the business resides in, and (most importantly) the quality of your cyber defenses. According to cybersecurity vendor Sophos’ new The Critical Role of Frontline Cyber Defenses in Cyber Insurance Adoption report, there is a pretty direct connection between how strong your security stance is and whether you can even get insurance, how much it costs, and what the specific terms of coverage are.
Of those organizations with cyber insurance policies in place:
- 60% said that the quality of their defenses impacted their ability to get coverage
- 62% said that the quality of their defenses impacted the cost of their coverage
- 28% said that the quality of their defenses impacted the terms of their policy
In short, cyber insurers are getting smarter about the risk that exists based on how strong your cyber defenses are. While there are no specifics on the types of solutions or strategies that positively or negatively impacted coverage, we certainly believe that the presence of security awareness training will have a material impact on how strong your defenses are.