More companies than ever are taking out cyber insurance, but the number of claims is falling rapidly, according to a new report from British backup solutions provider Databarracks.
In his Data Health Check 2024 According to the company’s report, 66% of UK businesses said they had cyber insurance in 2024, up from 51% in 2022 and 57% in 2023.
However, the number of organizations filing cyber insurance claims fell from 58% in 2022 to 36% in 2024.
Organisations’ demands for financial compensation have also declined, with claims over £1 million ($1.3 million) falling from 48% to just 16% in 2024.
Wider adoption of business continuity plans
Cyber incidents continue to wreak havoc on organizations and will be the leading cause of IT downtime (24%) and data loss (46%) in 2024.
However, the Databarracks report also shows that organizations are more resilient than ever, especially because they are well prepared for cyberattacks.
For example, 82% of organizations reported having a business continuity plan in place in 2024, and 57% reported their plan was up to date.
In 2023, only 73% of respondents said they had such a plan, and only 49% said it was current.
In addition, three-quarters of companies have a physical, logical or combined solution for air-gapping their backups.
This proves helpful as 54% of organizations managed to restore their systems from backups and did not have to pay a ransom in response to a ransomware attack.
“In recent years, the majority of organizations have chosen to pay when attacked,” the report said.
Stricter cyber insurance policies to combat ransomware growth
According to Databarracks, this better preparation is the reason for the decline in cyber insurance claims.
James Watts, Managing Director at Databarracks, also praised recent changes to cyber insurance coverage, saying they are forcing companies to raise the bar on their cyber defenses.
“As our Data Health Check revealed last year, cyber insurance prices have increased significantly and requirements for insurance coverage have become more stringent. The result has been to raise the bar for preparedness. This change has had a fantastic impact on business resilience,” he said.
Watts argued that, contrary to what some believe, well-crafted cyber insurance policies do not incentivize ransom payments, but rather encourage victim organizations to strengthen their cyber defenses.
“Legislating and banning all payments is problematic for several reasons. One of the few factors that could stop the growth of ransomware is this change in the industry. The effectiveness of decryption tools cannot be guaranteed, so there are only two viable options. Pay the ransom or restore the data from backups,” he concluded.
Databarracks’ Data Health Check is an annual survey of 500 UK IT decision makers.
Read more: Understanding business resilience: There is more to it than meets the eye