
Interest in cyber insurance grows as human error weakens security

By Christopher Tredger, Portals editor
Johannesburg, 12 Mar 2025
Cyber security and data protection companies confirm an increased interest in cyber security insurance as threats continue to hit businesses.

Market research by several cyber security and data protection firms reflects an increased interest in cyber insurance as business leaders muster defences against ever-present sophisticated cyber threats – with the human factor remaining the biggest headache for business leaders.

According to KnowBe4’s latest research paper, Cyber Insurance and Security: Meeting the Rising Threat, the human factor remains the most vulnerable aspect of cyber security, and accounts for 75% of data breaches.

The research also found that cyber attack expenses are escalating rapidly, extending beyond immediate disruptions to include legal fees, fines and reputational harm.

KnowBe4 reports the average cost of a data breach globally surged to $4.88 million in 2024.

Anna Collard, SVP, content strategy and evangelist at KnowBe4 Africa, said from a local perspective, South African businesses are increasingly recognising cyber insurance as a necessity amid rising cyber threats.

Collard cited the Sophos Cyber Insurance and Cyber Defenses 2024 report, which shows that 52% of South African participants have taken out dedicated cyber insurance, while 42% rely on broader insurance packages for cyber coverage.

“Local insurers are also adapting – offering more tailored solutions, including personal cyber insurance, to protect individuals against cyber extortion, identity theft and fraud, as well as SME-focused policies to meet the needs of smaller businesses with tighter budgets,” said Collard.

“The adoption of cyber insurance is contributing to improved security postures among their clients as insurers require robust cyber security measures as part of their underwriting criteria, prompting organisations to enhance their defences. So, an increase in local cyber insurance coverage will ultimately lead to strengthening overall national resilience against cyber threats,” she added.

Financial impact

Sophos has also unveiled the results of a new independent study to quantify the financial impact of various cyber security controls on cyber insurance claims.

The study reveals the different impact that endpoint solutions, EDR (endpoint detection and response)/XDR (extended detection and response) technologies and MDR (managed detection and response) services have on claims resulting from an attack.

The study reveals the average amount of compensation claimed by organisations using MDR services is 97.5% lower than that of organisations using endpoint solutions.

The median claim for MDR service users is $75 000, compared with $3 million for organisations using endpoint security alone. In other words, when they are the victims of an attack, endpoint-only users generally claim 40 times more than MDR service users. The lower claims of MDR customers are likely due to the ability of MDR services to quickly detect and block malicious activity and repel attackers before they can cause serious damage.

In the second half of 2024, Mimecast processed more than 90 billion data points for over 42 000 customers. According to the Mimecast H2 2024 Global Threat Intelligence Report, attackers are targeting core communication channels such as e-mails and cloud platforms.

The report also found that 68% of breaches were linked to human error, with most breaches involving non-malicious employee mistakes. This reaffirms the ongoing need for tailored cyber security training.

Mimecast said the report highlights a concerning trend of cyber criminals using trusted platforms to distribute malware or phishing attacks – an approach known as “living off trusted services”.

This evolution signals the need for robust security measures that go beyond traditional defences.

The company affirms that human error remains a challenge, with 68% of breaches involving a human element.

Employees click phishing links, fall for deepfake scams or mistype sensitive information, leading to vulnerabilities.

The company cites the Verizon Data Breach Investigations Report, 2024, according to which 34% of employees fear they might cause a breach despite growing awareness. This highlights the necessity of regular training programmes aimed at minimising risks through education and vigilance.

Sally Adam, senior director, solution marketing at Sophos, said: “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyber attacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cyber security. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”

