Striking new findings suggest a significant percentage of companies lack cyber insurance despite ongoing and sophisticated threats posed by a range of cyberattack scenarios. The 2024 Cybersecurity Risk Managers Report reveals that 32% of companies surveyed do not have dedicated cyber insurance coverage, leaving them vulnerable to potentially devastating financial and operational impacts in the wake of an attack.
This data comes from a comprehensive study by Nationwide, which surveyed 400 corporate risk managers across mid-sized firms. The report highlights that although 68% of companies carry cyber insurance policies, a concerning portion still operates without this critical financial safeguard. This gap persists even as 99% of risk managers acknowledge the importance of cyber insurance, and 61% consider it extremely important for their organization’s security posture.
Beyond the percentage of companies without coverage, the report hints at deeper issues. Only 40% of risk managers at companies without insurance believe their current cybersecurity software is sufficient, while 32% cite management’s failure to recognize the value of cyber insurance coverage, a topic we’ve covered in recent posts. These findings suggest that cyber insurance remains an untapped resource for many organizations, akin to installing a sprinkler system but neglecting to insure a building against fire damage. Despite the advanced protection offered by software, the lack of financial coverage leaves companies exposed to significant risks.
The findings underscore the urgency of cyber insurance, particularly as businesses face increasingly sophisticated threats, including those driven by generative AI. 77% of risk managers expressed concern about AI-driven cyberattacks, with 24% of recent attacks involving generative AI. These AI-driven threats are becoming more frequent and complex, raising the stakes for companies that lack robust cyber insurance coverage to mitigate their risk.
Cyberattacks have serious financial implications. 62% of risk managers reported that their company had experienced a cyberattack in the past three years, with 78% of those attacks disrupting business operations and 74% resulting in moderate or significant financial losses. For many companies, recovery took longer than a month—and for 35%, it stretched beyond four months. This highlights the necessity of cyber insurance in helping companies manage recovery costs and limit business disruptions.
Evolving Coverage
When companies do carry cyber insurance, the policy evolves to meet new challenges. 65% of risk managers reported changes in their coverage over the past two years, including increasing coverage limits, raising retention, or expanding protection. However, obtaining these policies is becoming more difficult; 36% of risk managers noted that renewing their cyber insurance was harder than in previous years. Nonetheless, 95% reported that their brokers played a crucial role in securing renewal agreements.
For companies that have already faced a cyberattack, nearly three-quarters of risk managers have taken steps to enhance their security, including updating or purchasing cyber insurance policies. This growing awareness comes as data breaches, ransomware, and phishing remain top concerns, along with AI-driven attacks.
The 2024 Cybersecurity Risk Managers Report makes it clear: as cyber threats evolve, particularly with the rise of generative AI, the importance of comprehensive cyber insurance cannot be overstated. Companies must reevaluate their risk strategies to ensure they are adequately protected from the increasing sophistication and frequency of cyberattacks.
Other News: The Future of Cyber Insurance: Stand-Alone Coverage + M&A(Opens in a new browser tab).
Other News: Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks.