Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.
66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years. But as more organisations take out policies, just 36% made a claim this year, falling from 58% in 2022.
These findings are likely linked to an increasing number of ransomware recoveries. In previous years, the majority of organisations chose to pay out in the event of an attack.
This has drastically changed in 2024, with twice as many organisations able to recover from backups rather than meeting the demands of ransomware groups.
The amount organisations are claiming has also decreased, with claims over £1 million decreasing from 48% to just 16% in 2024.
James Watts, Managing Director at Databarracks, commented:
“We have long speculated about the negative effect of cyber insurance policies on ransomware. Organisations were incentivised to pay ransoms instead of refusing, leading to a vicious cycle of payments. The nascent cyber insurance market suddenly became unsustainable.
“But then things changed. As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter. The result was that the bar of preparedness was raised.
“That change has had a fantastic impact on businesses resilience. Insurers now ask important questions like: are backups are separate and air-gapped from production data, are they encrypted, do you have a Business Continuity Plan and have you tested your recovery?
“In previous years, more organisations would pay the ransom than recover themselves. This year we can see a dramatic shift, with organisations now twice as likely to recover from backups rather than pay a ransom.
“While paying may seem like the quick, low-cost solution – that’s rarely the case. There’s no guarantee that you will get your data back and choosing to pay also cements your reputation as an easy target.
“As more organisations take out insurance specifically for cyber incidents, there are two positive outcomes. Firstly, it ensures that businesses are financially protected in the event of an attack.
“Secondly, it encourages organisations to meet industry standards for resilience. As insurers become increasingly strict about their requirements, the importance of thoroughly tested Business Continuity Plans – as well as immutable, air-gapped backups – is reinforced.
“This is the influence we hope insurance can have on the cyber landscape. Legislating and banning all payments is problematic for a number of reasons, so one of the few factors that could disrupt the growth of ransomware is this shift in the industry.
“The effectiveness of decryption tools can’t be guaranteed, so there are only two viable options. Pay the ransom or recover from backups.
“It is vital that all organisations have the means and confidence to recover quickly, inexpensively and with minimal impact to operations.”
Read the highlights from the Data Health Check 2024: https://datahealthcheck.databarracks.com/2024/
Download the full DHC report: https://www.databarracks.com/resources/data-health-check-2024
