Cyber insurance payouts are skyrocketing

While more companies are taking out cyber insurance, experts warn that not everything is always covered

Cyber insurance payments are rocketing, with the Association of British Insurers (ABI) finding that £197 million was paid out last year – more than three times the figure for the year before.

Increasingly sophisticated digital threats are causing more extensive damage, the ABI said, leading to higher payouts - up by a total of £138 million from 2023.

Marks & Spencer (M&S), for example, recovered £100 million from its insurers after its devastating hack earlier this year.

Malware and ransomware accounted for 51% of all claims last year, figures show, well up on the 2023 figure of 32%.

And organizations are becoming more aware of the potential threats and taking precautions, with 17% more policies taken out last year than in the previous year.

"Cyber insurance is more than just a financial safety net. The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning," said Jonathan Fong, head of general insurance policy at the ABI.

"With cyber threats continuing to grow in scale and sophistication, it needs to be a critical component of every organisation’s modern risk management strategy."

However, insurance doesn't always pay out, cautions Simon Jelley, vice president and general manager, data protection, at software firm Arctera.

"Just as a failure to properly maintain your car can invalidate a motor insurance claim, cyber vulnerabilities could void or limit a payout. No one should be remotely confident in an insurance payout until they take the fundamental steps to protect against a breach," he said.

"This doesn’t just mean being able to show data can be backed up – it’s about showing data is recoverable. Efficient and effective recovery – rehearsed regularly – is critical to keeping up with the ever-evolving threat landscape."

Insurers are getting tougher with their requirements for affordable cyber cover, for example by specifying levels of security controls and compliance, and excluding claims caused by human error.

According to figures from cyber risk quantification firm CYE last year, four-in-five US firms have suffered a cyber attack that wasn’t fully covered under their insurance policy.

Perhaps surprisingly, it's the 'low tech' sectors of accommodation and food services, construction, transportation, and warehousing that tend to be the most adequately covered, with sectors like finance and insurance, information and manufacturing presenting the biggest gaps in coverage.

"Many organizations are aware of cyber risk, but do not fully comprehend what the potential cost could be if they are breached," said Nimrod Partush, vice president of data science at CYE.

"This study underscores how many companies rely on cyber insurance to cover the losses incurred as a result of cyber incidents and are then taken by surprise when they find that their insurance only covers a small portion."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.