Businesses with Cyber Insurance Are More In Tune with Their Security Needs
In today’s volatile cybercrime landscape, businesses need protection against the potential massive loss in revenue caused by a cyberattack. Companies are almost guaranteed to experience at least one successful cyberattack in their lifetime, and that can be enough to put a company out of business. In fact, 60% of businesses that are hit by a successful cyberattack go out of business within six months. But there are measures that companies can take to stave off that bad end. Cyber insurance is one of them. Is it something that every business should have, and do companies with cyber insurance experience fewer or different security challenges than companies that don’t have it?
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
Do businesses commonly carry cyber insurance?
A majority of businesses already carry cyber insurance. In our Datto SMB Cybersecurity for MSPs Report study, we learned that seven in 10 of our respondents currently have cyber insurance, with 69% of respondents reporting that they have cyber insurance, 23% reporting that they do not have it and 8% unsure. For businesses that are in tightly regulated industries, cyber insurance is often a must-have for compliance. A solid chunk of businesses also wants to get cyber insurance if they don’t have it already. Of the remaining respondents without cyber insurance, over a third said that they are highly likely to get it in the next 12 months. Companies in Australia and New Zealand, Singapore and The Netherlands were most likely to have cyber insurance, while companies in the UK were the least likely to have cyber insurance.
Does your organization have cyber insurance?
|Australia & New Zealand||70%||22%||8%|
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Are businesses without cyber insurance in the market for it?
If a company doesn’t have cyber coverage, are they looking to get it in the next year? In general, businesses that don’t carry cyber insurance right now are in the market for a policy to protect them from catastrophic loss due to a cyberattack. More than three-quarters of our respondents said that they are likely to pursue obtaining cyber insurance in the next year. However, 26% of respondents do not plan on getting cyber insurance in the next 12 months. Looking by region, companies in North America were most likely to purchase cyber insurance within the next year (80%) and companies in Germany were least likely to be in the market (38%).
How likely is your organization to get cyber insurance in the next 12 months?
|North America||UK||Germany||Australia & New Zealand||Singapore|
|Not very likely||16%||26%||31%||20%||21%|
|Not at all likely||3%||6%||7%||0%||4%|
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Do companies with cyber insurance experience different security problems than companies without it?
Obtaining cyber insurance can involve jumping through many security hoops. While understanding the compliance requirements regarding security and maintaining compliance with ever-shifting regulations is challenging, companies that carry insurance see a big benefit from beefing up their security. Organizations that have cyber insurance still experience a wide array of security issues, but they have far fewer phishing messages and viruses to handle than companies that aren’t insured. This could be the result of security tools like endpoint detection and response finding security problems that would normally be overlooked, giving companies the chance to fix them before they get worse.
Have you experienced these security problems in the past year?
|Problem||Orgs with cyber insurance||Orgs without cyber insurance|
|COVID-19 related scams||24%||16%|
|Attack on your IT service provider||20%||8%|
|Endpoint threats detected||19%||7%|
|Other security issue||4%||3%|
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
Are companies with cyber insurance more aware of threats?
One interesting takeaway from this survey is that companies that do carry cyber coverage are much more likely to be cognizant of the fact that a major security disaster like a ransomware attack could happen to them at any time. While almost half (47%) of respondents overall believed that it was likely that their company would suffer a ransomware attack, the numbers change when we divide the respondents into two categories: those with cyber coverage and those without cyber insurance.
How likely is it that your organization will experience a ransomware attack in the next year?
|Overall||Orgs with cyber insurance||Orgs without cyber insurance|
|Not very likely||30%||25%||44%|
|Not at all likely||8%||8%||8%|
|I am unfamiliar with this attack||2%||1%||4%|
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Security awareness training is often a cyber insurance requirement
Cyber insurers aren’t just going to cover anybody. Insurers want organizations to demonstrate a commitment to security before they agree to provide cyber insurance, with a shifting list of requirements to obtain or maintain coverage. One common item on that list is regular security awareness training including phishing simulation for every employee. Sometimes, cyber insurers require potential clients to meet a certain cybersecurity framework benchmark, like HIPAA or SOC 2, to obtain cyber coverage. Both of those frameworks require security awareness training for compliance.
Of course, security awareness training is also a must-have for every organization. Beyond meeting cyber insurance requirements, security awareness training brings big security improvements to companies without a big price tag. Researchers in a U.K. study discovered that the improvement in employee behavior that companies see when they engage in security awareness training is stark.
- At the beginning of the study, as many as 40% to 60% of the employees surveyed were likely to open malicious links or attachments.
- After about six months of security awareness training, the percentage of employees who took the bait dropped to 20% to 25%.
- When the employees completed three to six months more of security awareness training, only 10% to 18% of them fell for phishing messages.
- Ongoing training is essential for organizations to receive benefits like these. Each employee should receive 11 sessions per year.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Start or improve your security awareness training program with BullPhish ID
BullPhish ID provides the tools that IT professionals need to run security awareness training that can meet cyber insurance standards. BullPhish ID offers a library of video lessons and the right phishing simulations to fit every group of users, with administration tools and options that make the training process painless for everyone involved.
- Choose from a wide variety of plug-and-play phishing simulations, with new phishing simulation kits added every month.
- Train your way with fully customizable content including links and attachments to reflect industry-specific threats.
- Access a huge library of security and compliance training videos with 4 new videos added every month
- Quickly measure retention and see who needs more help with quizzes and easy-to-read progress reports.
Now you can enjoy a major BullPhish ID enhancement, Advanced Phishing Simulations (Drop-A-Phish), that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users. LEARN MORE>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya solutions. SEE CASE STUDIES>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID or Graphus now!