Enterprise Shift in Cyber Protection

Throughout the last few years, the cyber landscape has been dominated by rising levels of ransomware attacks, increasing by 105% in 2021 alone.

Sophos’ report (State of Ransomware 2021) revealed that an average ransom paid out now equals $170,404 with remediation costs at $1.85m – ten times the size of the ransom payment on average.

Tremendous Pressure

The increase in frequency and overall cost of ransomware attacks have propelled ransomware to the level of board-level risk and put tremendous pressure on the cyber security industry. In a recent survey, conducted by enterprise security company Panaseer, over 1,200 global enterprise security leaders were polled, and over 4 in 5 (84 per cent) respondents claimed that their board are now onboard with understanding ransomware protection levels.

91 per cent of security leaders report their ransomware protection levels to the board, with 86 per cent reporting that ransomware protection is a budgeted priority for 2022.

Increase on Claims

Along with the proliferation of ransomware has come the increase in frequency and value for cyber insurance claims, with many insurance providers increasing their premium prices and turning away prospects without sufficient cyber security precautions in place. In the UK alone, the cost of cover grew by 92 per cent in the fourth quarter of 2021 alone.

Changes in insurance practices leave businesses in a very tricky position, as cyber insurance is fast becoming one of the main conditions of doing business in a large variety of sectors. Cyber insurance has become the price of admission for the partner ecosystem. Many insurers resolve the issue by requiring some form of verification that the business is taking all correct cyber hygiene measures to effectively price and allocate cover. This is akin to the shift seen in the automobile market with black box insurance.

When the Shift Happens

Businesses and organizations are now willing to make this shift, however many admit to not being ready as of yet. According to survey research, all security leaders are willing to demonstrate cyber security programme strength to their cyber insurers with data-driven metrics, but at a reduction of their cyber insurance premium. None are ready to do this immediately.

29 per cent of security leaders believe that they will be in the right position within the next 12 months, with 57 per cent believing that 13-24 months are more realistic. 14 per cent are not sure when they will be able to share their data. The financial industry is currently the most prepared within the next 12 months, followed by healthcare, utilities, life sciences, energy and finally retail.

For more information on enterprise technology events and any upcoming cyber security conference, check out the upcoming IT Security events 2022 from Whitehall Media.