From Reactive to Proactive: Cyber Insurance is Driving Optimal Security Investments for Organizations

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to understand the true value and place of a cyber insurance policy.

For the last few years, it felt like organizations were seeing cyber insurance like they do their car insurance; have an “accident” and let the policy cover it. 

But as insurers spent the last few years’ worth of claims to better understand the nature of cyber attacks, cyber defenses, and where risk actually lies, it was only a matter of time until organizations would feel the pressure of insurers to strengthen their own defenses and evolve their understanding of a cyber insurance policy’s purpose and place within a cyber security strategy.

According to Sophos’ Cyber Insurance and Cyber Defenses 2024 report, it appears that the time is now, as 97% of organizations plan on investing in improving their cyber defenses alongside obtaining a cyber insurance policy, with two-thirds of those organizations plan on making a “major” investment.

These investments in better cyber defenses have a material positive impact on an organization’s cyber insurance position.  According to the report, the improvements have the following impacts:

• 76% of orgs were able to qualify for coverage
• 67% were able to obtain better coverage
• 30% were able to get better pricing

While the report did not go into specifics about the kinds of improvements, we know all too well that new-school security awareness training is a requirement for many cyber insurers because of its’ ability to materially reduce the likelihood of a successful phishing-based cyber attack.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.