
Are Companies with Cyber Insurance More Security Savvy?

July 14, 2023

Businesses with Cyber Insurance Are More In Tune with Their Security Needs


In today’s volatile cybercrime landscape, businesses need protection against the potential massive loss in revenue caused by a cyberattack. Companies are almost guaranteed to experience at least one successful cyberattack in their lifetime, and that can be enough to put a company out of business. In fact, 60% of businesses that are hit by a successful cyberattack go out of business within six months. But there are measures that companies can take to stave off that bad end. Cyber insurance is one of them. Is it something that every business should have, and do companies with cyber insurance experience fewer or different security challenges than companies that don’t have it? 




Do businesses commonly carry cyber insurance? 


A majority of businesses already carry cyber insurance. In our Datto SMB Cybersecurity for MSPs Report study, we learned that seven in 10 of our respondents currently have cyber insurance, with 69% of respondents reporting that they have cyber insurance, 23% reporting that they do not have it and 8% unsure. For businesses that are in tightly regulated industries, cyber insurance is often a must-have for compliance. A solid chunk of businesses also wants to get cyber insurance if they don’t have it already. Of the remaining respondents without cyber insurance, over a third said that they are highly likely to get it in the next 12 months. Companies in Australia and New Zealand, Singapore and The Netherlands were most likely to have cyber insurance, while companies in the UK were the least likely to have cyber insurance. 

Does your organization have cyber insurance? 

| Region | Yes | No | Don’t Know |
|---|---|---|---|
| North America | 68% | 26% | 6% |
| UK | 63% | 22% | 15% |
| Germany | 66% | 26% | 9% |
| Netherlands | 72% | 19% | 9% |
| Australia & New Zealand | 70% | 22% | 8% |
| Singapore | 75% | 20% | 5% |

Source: Datto



Are businesses without cyber insurance in the market for it? 


If a company doesn’t have cyber coverage, are they looking to get it in the next year? In general, businesses that don’t carry cyber insurance right now are in the market for a policy to protect them from catastrophic loss due to a cyberattack. More than three-quarters of our respondents said that they are likely to pursue obtaining cyber insurance in the next year. However, 26% of respondents do not plan on getting cyber insurance in the next 12 months. Looking by region, companies in North America were most likely to purchase cyber insurance within the next year (80%) and companies in Germany were least likely to be in the market (38%). 

How likely is your organization to get cyber insurance in the next 12 months?   

| | North America | UK | Germany | Australia & New Zealand | Singapore |
|---|---|---|---|---|---|
| Extremely likely | 10% | 8% | 4% | 9% | 13% |
| Very likely | 36% | 18% | 37% | 21% | 18% |
| Somewhat likely | 34% | 42% | 21% | 51% | 44% |
| Not very likely | 16% | 26% | 31% | 20% | 21% |
| Not at all likely | 3% | 6% | 7% | 0% | 4% |

Source: Datto




Do companies with cyber insurance experience different security problems than companies without it? 


Obtaining cyber insurance can involve jumping through many security hoops. While understanding the compliance requirements regarding security and maintaining compliance with ever-shifting regulations is challenging, companies that carry insurance see a big benefit from beefing up their security. Organizations that have cyber insurance still experience a wide array of security issues, but they have far fewer phishing messages and viruses to handle than companies that aren’t insured. This could be the result of security tools like endpoint detection and response finding security problems that would normally be overlooked, giving companies the chance to fix them before they get worse.  

Have you experienced these security problems in the past year? 

| Problem | Orgs with cyber insurance | Orgs without cyber insurance |
|---|---|---|
| Computer viruses | 31% | 31% |
| Phishing messages | 31% | 36% |
| COVID-19 related scams | 24% | 16% |
| Attack on your IT service provider | 20% | 8% |
| PII/credential theft | 20% | 8% |
| Endpoint threats detected | 19% | 7% |
| Ransomware | 16% | 9% |
| Other security issue | 4% | 3% |
| None | 13% | 30% |

Source: Datto




Are companies with cyber insurance more aware of threats? 


One interesting takeaway from this survey is that companies that do carry cyber coverage are much more likely to be cognizant of the fact that a major security disaster like a ransomware attack could happen to them at any time. While almost half (47%) of respondents overall believed that it was likely that their company would suffer a ransomware attack, the numbers change when we divide the respondents into two categories: those with cyber coverage and those without cyber insurance.  

How likely is it that your organization will experience a ransomware attack in the next year? 

| | Overall | Orgs with cyber insurance | Orgs without cyber insurance |
|---|---|---|---|
| Extremely likely | 13% | 18% | 4% |
| Very likely | 21% | 25% | 11% |
| Somewhat likely | 27% | 25% | 33% |
| Not very likely | 30% | 25% | 44% |
| Not at all likely | 8% | 8% | 8% |
| I am unfamiliar with this attack | 2% | 1% | 4% |

Source: Datto




Security awareness training is often a cyber insurance requirement 


Cyber insurers aren’t just going to cover anybody. Insurers want organizations to demonstrate a commitment to security before they agree to provide cyber insurance, with a shifting list of requirements to obtain or maintain coverage. One common item on that list is regular security awareness training including phishing simulation for every employee. Sometimes, cyber insurers require potential clients to meet a certain cybersecurity framework benchmark, like HIPAA or SOC 2, to obtain cyber coverage. Both of those frameworks require security awareness training for compliance.  

Of course, security awareness training is also a must-have for every organization. Beyond meeting cyber insurance requirements, security awareness training brings big security improvements to companies without a big price tag. Researchers in a U.K. study discovered that the improvement in employee behavior that companies see when they engage in security awareness training is stark.   

  • At the beginning of the study, as many as 40% to 60% of the employees surveyed were likely to open malicious links or attachments.   
  • After about six months of security awareness training, the percentage of employees who took the bait dropped to 20% to 25%.   
  • When the employees completed three to six months more of security awareness training, only 10% to 18% of them fell for phishing messages.    
  • Ongoing training is essential for organizations to receive benefits like these. Each employee should receive 11 sessions per year.   



Start or improve your security awareness training program with BullPhish ID 


BullPhish ID provides the tools that IT professionals need to run security awareness training that can meet cyber insurance standards. BullPhish ID offers a library of video lessons and the right phishing simulations to fit every group of users, with administration tools and options that make the training process painless for everyone involved.  

  • Choose from a wide variety of plug-and-play phishing simulations, with new phishing simulation kits added every month.   
  • Train your way with fully customizable content including links and attachments to reflect industry-specific threats.   
  • Access a huge library of security and compliance training videos, with 4 new videos added every month.
  • Quickly measure retention and see who needs more help with quizzes and easy-to-read progress reports.  


Now you can enjoy a major BullPhish ID enhancement, Advanced Phishing Simulations (Drop-A-Phish), that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users.

