Companies boost their security investments due to cyber insurance stipulations, according to a recent study

Despite ongoing expenses for recovery surpassing insurance coverage, firms are channeling resources towards bolstering network security, aiming to reduce premiums and secure improved policy conditions.

A new report by Sophos and Vanson Bourne, released on Wednesday, reveals that three-quarters of companies have invested in cyber defense measures, yet significant gaps remain between recovery costs and the coverage provided by insurance providers.

The research, based on a survey of 5,000 IT and cybersecurity leaders across 14 countries, sheds light on the escalating costs of ransomware incidents. As of 2024, average recovery costs from ransomware incidents generally range from $1.5 million to $2.7 million, depending on the source and region.

For instance, one report shows recovery costs excluding ransom payments decreased from $2.73 million in 2024 to about $1.53 million recently, reflecting improved remediation and recovery processes. Another source cites a 2024 average recovery cost of $2.73 million including downtime and lost revenue, marking a significant increase from previous years. In the UK specifically, recovery costs (excluding ransom) were around $2.58 million with ransom payments adding significant extra costs. Another broad figure averages costs close to $2 million.

Median ransom demands and payments have varied widely, with median payments reported between $1 million and over $5 million depending on geography and victim response. The percentage of companies paying ransom varies, but ransom payments significantly add to total incident costs.

Cyber insurance often covers a portion of ransomware recovery costs, including ransom payments, remediation, legal, and business interruption costs. However, the coverage limits and policy terms vary widely. Given that average recovery costs can exceed $1.5 million to $2.7 million, many organizations face potential gaps if their insurance limits are not sufficiently high or if policies exclude certain costs.

Insurance providers are incentivizing companies to improve their cyber defenses, not only by meeting minimum cyber defense standards, but also by linking premium costs and depth of coverage to maintaining those standards. Meredith Schnur, regional cyber practice leader at the global insurance brokerage and risk advisory firm Marsh, stated that while cyber insurance policies are effective in paying claims, they are not meant to be unlimited.

Despite these investments, significant gaps remain between recovery costs and the coverage provided by insurance providers, according to Sophos. Chester Wisniewski, director and global field CTO at Sophos, stated that incrementally improving minimum cybersecurity standards, such as PCI-DSS, over time can have a positive effect.

The 2024 State of Ransomware survey from Sophos shows that recovery costs for ransomware rose more than 50% over the past year to an average of $2.73 million per incident. During 2022 and 2023, combined claim recovery at Marsh was approximately 80%.

In summary, the average ransomware recovery costs in 2024 are typically between $1.5 million and $2.7 million, excluding or including ransom payments. The median ransom payments alone can reach $1 million or more, with some cases much higher. Cyber insurance may cover parts of these costs, but organizations need to ensure coverage limits match these high and rising expense levels to avoid uncovered losses. This highlights the critical need for robust cyber insurance tailored to ransomware risks alongside strong internal prevention and recovery capabilities.

  1. The new report by Sophos and Vanson Bourne reveals that, despite significant investments in cyber defense measures, there are gaps between recovery costs and coverage provided by insurance providers, particularly in the context of ransomware incidents.
  2. Given that the average ransomware recovery costs in 2024 can range between $1.5 million and $2.7 million, with median ransom payments alone reaching $1 million or more, organizations need to ensure that their cyber insurance coverage limits match these high and rising expense levels to avoid uncovered losses.
  3. To mitigate cyber risks and manage costs associated with ransomware incidents, it is crucial for organizations to focus on both acquiring robust cyber insurance tailored to ransomware risks and strengthening their internal prevention and recovery capabilities.
