What's causing cyber insurance claims to decrease? – Databarracks

Trend happening despite cyber insurance uptake

By Kenneth Araullo

Databarracks’ annual Data Health Check survey of 500 UK IT decision-makers has revealed that while cyber insurance uptake has increased, the number of claims has seen a significant decline.

According to the survey, 66% of respondents reported having cyber insurance in 2024, an increase from 51% over the past two years. Despite this rise in coverage, only 36% of organisations made a claim this year, down from 58% in 2022.

The decrease in claims may be linked to the growing success of ransomware recoveries. In previous years, many organisations opted to pay ransoms following an attack. However, 2024 has seen a marked shift, with twice as many organisations now recovering from backups instead of paying ransom demands.

The survey also noted a reduction in the value of claims, with the percentage of claims exceeding £1 million dropping from 48% to 16% in 2024.

James Watts, managing director at Databarracks, noted that the impact of cyber insurance on ransomware practices has been a topic of concern. Watts stated that organisations were previously incentivised to pay ransoms rather than refuse, which perpetuated a cycle of ransom payments. This, in turn, placed unsustainable pressure on the emerging cyber insurance market.

However, Watts highlighted a shift in the landscape, driven by rising cyber insurance costs and stricter requirements to obtain coverage. These changes have elevated the level of preparedness among businesses.

Watts also explained that insurers are now more stringent in their evaluations, asking critical questions such as whether backups are separate and air-gapped from production data, whether they are encrypted, whether a business continuity plan is in place, and whether recovery processes have been tested.

More declining to give in to ransom demands

The survey results indicate a significant change in behaviour, with organisations now twice as likely to recover from backups rather than pay ransoms. Watts emphasised that while paying a ransom may appear to be a quick and cost-effective solution, it often comes with risks, including the possibility of not recovering the data and the increased likelihood of being targeted again.

The increased uptake of cyber insurance has had two main effects, according to Watts. Firstly, it provides financial protection for businesses in the event of an attack. Secondly, it drives organisations to meet industry standards for resilience, as insurers demand more rigorous preparations, such as tested business continuity plans and secure, air-gapped backups.

Watts expressed hope that this shift in the industry could have a positive impact on the cyber landscape.

“Legislating and banning all payments is problematic for a number of reasons, so one of the few factors that could disrupt the growth of ransomware is this shift in the industry,” he said.

Given the uncertainty surrounding the effectiveness of decryption tools, Watts argued that organisations have two viable options: pay the ransom or recover from backups.

He stressed the importance of ensuring that organisations have the means and confidence to recover quickly, at minimal cost, and with limited disruption to operations.
