Only slightly more than half of businesses in the US and Canada currently have cyber insurance, with small and medium-sized firms (SMEs) even more exposed to attacks.
That is according to new research from Corvus Insurance and software firm Blackberry, which commissioned a poll of 450 IT and cybersecurity decision makers at businesses across North America last month.
Only 55% of respondents had cyber insurance, and less than 20% had coverage in excess of $600,000 (£497,526), which was the median ransomware demand amount in 2021.
Among SMEs with fewer than 1,500 employees, just 14% had a coverage limit in excess of $600,000, with half saying that they hope their governments will offer financial assistance to organisations hit by ransomware attacks.
Although 28% of the IT and cybersecurity decision-makers surveyed said that they “intend to acquire coverage shortly”, the researchers highlighted how the costs continue to rise.
“The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible” said Shishir Singh, BlackBerry executive vice president. “For uninsured and under-insured organisations, this potentially puts them in extreme jeopardy.”
“It’s vital that businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”
The survey also found that 60% of firms would reconsider entering into a partnership or agreement with another business or supplier if the organisation did not have comprehensive cyber insurance.
Indeed, 68% of IT decision-makers said that they would be likely to reassess a partner or supplier agreement because of their cybersecurity practices.
Furthermore, the findings show that 34% of respondents had been previously denied cyber coverage by insurance providers due to not meeting endpoint detection and response (EDR) software eligibility requirements.
Vincent Weafer, chief technology officer at Corvus Insurance, said: “Though it might sound counter-intuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry.
“In our portfolio alone, we’ve seen a 50% reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organisations to stand up to attackers.”
Image credit: iStock
Author: Chris Seekings