How much protection does cyber insurance really give businesses?

Issue 1 2023 Information Security, Security Services & Risk Management


Dave Russell.

As the industry adjusts to increasing levels of cybercrime, insurers are increasing premiums and becoming stricter about whom they will insure. However, if organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox. Let's look at the bigger picture of cyber insurance, and what businesses need to do to truly have peace of mind.

The wild west?

The topic of cyber insurance has been dominating the cybersecurity agenda in recent months. Enterprises are, wisely, looking for assurance in the face of near-inevitable cyberattacks. A recent report found that, in the Middle East & Africa, only 14% of organisations experienced no ransomware attacks in 2022, while 18% experienced only one attack. A startling 48% of organisations experienced two or three attacks, and 21% experienced four or more attacks in the same year.

At the same time, the insurance industry is still scrambling to adjust to a threat it doesn’t fully understand. Globally, cyber insurance pricing increased by 28% in Q4 2022, following a 53% increase in the previous quarter.

Alongside rising premiums, insurers are becoming more discerning about who they will or won’t insure – increasing the minimum standards of protection organisations need to pass to be insured. Similarly, the stance on what types of incidents are covered is changing – a major London insurance market recently announced they would no longer insure disruption caused by state-backed cyber warfare.

If it all feels a bit wild west, perhaps that’s to be expected. It's a young and volatile industry and cyber incidents have a unique kind of complexity that insurers and organisations are still getting to grips with. However, businesses need to bear this in mind when looking at insurance. Making a claim can be complex, and as the saying goes – insurers are in the business of not paying. Making a claim can be time-consuming and requires a lot of evidence, adding to the resource stretch in the aftermath of a cyber event.

The ‘best-case’ scenario

Even with a successful payout, organisations must understand that this is not a cure-all to something like ransomware. While the same could be said of any kind of insurance, money can cover losses but doesn't fix the wider impact of the incident. With a cyberattack, the consequences are more unique and more nuanced. A serious security incident has still occurred, and although a financial cushion certainly helps, it does not put out fires on its own.

In the immediate aftermath of an incident like ransomware, you still have the recovery challenge to be solved, often running in tandem with the potential criminal investigation and insurance claim being made. For the enterprise, recovering data, applications and system availability is crucial – every second can cost them thousands of dollars.

The added challenge is that systems typically cannot be recovered to where they were hosted before (where the attack occurred) because, not only is it a crime scene in an investigation, but you cannot guarantee the environment is safe and uncompromised. For example, if your office burned down overnight, you couldn’t immediately build a new one in the same place. You would need to find an alternative working environment for your employees until your office was safe to return to.

Beyond this, there are several potential ‘hangovers’ from the incident. Data quality is one of the biggest concerns, so auditing data sets and checking if any have been damaged is crucial. If recovering using older versions of data and systems, make sure these are updated as soon as possible. Essentially, you need to check that everything is still intact and it still integrates and runs together. At the same time, it is difficult to know if these incidents are over since the risk of reinfection from malware remaining on the system, or the threat of double or triple extortion is high.

Of course, this is all assuming the business recovered without paying ransomware demands. If an organisation does pay the demand (perhaps thinking the insurance will cover the costs of doing so) then there are a whole host of issues that remain. Most significant is the chance that data cannot be recovered, despite paying the ransom, but even if it is ‘successful’, using the decryption keys supplied, it can be an incredibly slow process. Another risk for businesses paying ransomware demands is repeat attacks – gangs often mark those that pay, so that they or other groups can return later for another bite of the cherry.

What can businesses do?

This isn’t to say insurance isn’t worth having, just that it needs to be part of a wider digital resilience strategy. A good data protection model has robust security, backup and recovery processes in place, to not only reduce the likelihood of an attack but more importantly, to prepare the business to respond and recover in the event of a disaster.

On the security side, start by testing and patching systems regularly to find and remove vulnerabilities. Ensure you’re training staff across the business on digital hygiene and secure remote access. This will ultimately help you become more insurable and may even lead to lower premiums. The next thing enterprises need to do is to protect their data and ensure they can maintain IT availability in the event of a cyber incident.

Enterprises need to identify what data and systems they cannot function without and ensure these are copied and stored safely in the event of a ransomware attack. Organisations sometimes assume that they have this in place, either internally or through their cloud provider (this is a common myth), but it is more often not the case. In a survey of thousands of business IT leaders, it was found that 79% have a ‘reality gap’ between the data and systems that the business units expect are protected, and the reality. It is also important that data is stored in multiple copies in a variety of ways such as off-site, off-line and immutable copies.

Finally, businesses need to have the availability protection and disaster recovery processes in place to avoid and reduce downtime as much as possible. The same survey found that the reality gap when it came to availability was even greater, with four out of five businesses not being confident in their IT systems being resilient enough to ensure business continuity. Even with a backup to restore from, IT teams need to have an environment scoped out and ready to recover systems (even if only temporarily) and organisations that design their IT infrastructure with recovery in mind will be able to bounce back much easier.

The cyber insurance industry is going to continue to change and adapt as the threat landscape increases. However, this is only natural when what the industry is insuring is so nebulous and constantly mutating. While insurance can help organisations back on their feet when disaster strikes, it is only one part of the puzzle. As thresholds for being insurable continue to increase, enterprises should not just aim to meet the minimum standard required, but also instead aim to surpass it entirely with a more holistic approach to data protection.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
Your Wi-Fi router is about to start watching you
News & Events Surveillance Security Services & Risk Management
Advanced algorithms are able to analyse your Wi-Fi signals and create a representation of your movements, turning your home's Wi-Fi into a motion detection and personal identification system.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.