Enhanced cyber insurance terms prompt businesses to bolster their security investments, according to a recently published report
In a world where cyber threats continue to surge, a new report by Sophos and Vanson Bourne sheds light on the financial implications of cyber risk. According to the report, released on Wednesday, three-quarters of companies have invested in cyber defense to qualify for cyber insurance.
The report comes as no surprise: insurance providers are incentivizing companies to improve their cyber defenses by linking premium costs and depth of coverage to the maintenance of cyber defense standards.
Meredith Schnur, regional cyber practice leader at Marsh, stated that the combined claim recovery rate at Marsh was about 80% in 2022 and 2023, and that the gap between incurred costs and recovered amounts widens further once retentions are taken into account. Schnur also stated that cyber insurance policies are effective in paying claims but are not intended to be used as a "carte blanche".
However, despite these investments, significant gaps remain between recovery costs and what insurance companies will pay out. Chester Wisniewski, director and global field CTO at Sophos, stated that incremental improvements in minimum cybersecurity standards, such as PCI-DSS, can have a positive effect over time.
The average recovery costs for ransomware incidents in 2025 range broadly but typically fall between $1.5 million and $2.7 million, depending on the source and what costs are included. For example, one report states average recovery costs excluding ransom payments are around $1.53 million, showing a 44% decrease from the previous year. Another source notes recovery costs averaging about £2 million (roughly $2.5 million) for businesses in 2025, while a separate 2024 figure cites $2.73 million average recovery costs including downtime and lost revenue.
IBM’s data on the average total cost of data breaches (not limited to ransomware) reached $4.88 million in 2024, driven substantially by downtime and post-breach response. This trend of increasing ransom demands and recovery costs outpacing preparatory defenses suggests a potential shortfall in typical cyber insurance coverage. Many businesses are underinsured or have false assumptions that cloud providers handle ransomware recovery comprehensively, which they do not.
The survey findings underline the financial implications of cyber risk. The research is based on a survey of 5,000 IT and cybersecurity leaders across 14 countries. Prior research from CYE found that the average gap between the actual cost of an attack and the coverage provided by a cyber insurance policy exceeded $27 million. According to the Sophos report, the investments companies made were either required to obtain coverage, helped organizations secure lower premiums, or improved the terms of their coverage.
In conclusion, despite these investments, significant gaps remain between recovery costs and the coverage provided by insurers, which means organizations still face substantial financial exposure from ransomware incidents even when they hold cyber insurance. Enterprises need to develop a comprehensive strategy to maintain business continuity as ransomware threats surge. Robust preparation and layered defenses are essential to mitigate the financial impact of these attacks.
- The report by Sophos and Vanson Bourne reveals that cybersecurity investments, particularly in cyber defense, are linked to premium costs and coverage depth in cyber insurance, highlighting the financial implications of cyber risk.
- Meredith Schnur, from Marsh, has pointed out that the recovery rate in 2022 and 2023 was about 80%, raising concerns about the potential shortfall in typical cyber insurance coverage, given the high costs associated with ransomware incidents.
- In the era of increasing ransom demands and recovery costs, it is crucial for enterprises to develop a comprehensive strategy for business continuity, emphasizing robust preparation and layered defenses to mitigate financial exposure from cyber threats like ransomware.