Organizations face stiff headwinds when it comes to getting the cyber insurance necessary to survive in the face of blistering attacks. The bottom line: as the number of attacks increase – and with it the damage to organizations, cyber insurance is becoming harder and more expensive to obtain.

The challenges are captured in a recent Sophos report: “Cyber Insurance 2022: Reality from the InfoSec Frontline.” Insights in the report were gleaned from a survey of 5,600 IT professionals. Among the findings:

Over the last year, companies have been dealing with the following:

  • A 57% increase in the volume of attack
  • A 59% increase in the complexity of attacks
  • A 53% increase in the impact of attacks

When it comes to ransomware, things are getting worse. When asked if they’d been hit by ransomware in the last year, 66% of respondents said yes – up from 37% when we asked the same question last year. What’s more, the average ransomware payment is now north of $800,000 whereas last year it was around $170,000.

When it comes to trying to get cyber insurance in 2022:

  • 54% said the level of cybersecurity they need to qualify is now higher
  • 47% said policies are now more complex
  • 40% said fewer companies offer cyber insurance
  • 37% said the process takes longer
  • 34% said it is more expensive

But these storm clouds have a silver lining: Almost all of those surveyed have made changes to their defenses in order to secure insurance. Of those who made changes:

  • 64% have implemented new technologies and services
  • 56% have increased staff training and education activities
  • 52% have changed processes and behaviors

For more detail, download the full report.