Report highlights urgent need for cyber insurance

The growing complexity of cyberattacks and the escalating financial consequences of data breaches underscore the pressing need for integrated cybersecurity strategies and cyber insurance, according to a new report by cybersecurity firm KnowBe4.

Titled Cyber Insurance and Security: Meeting the Rising Threat, the report reveals that the average cost of a data breach reached $4.88 million globally in 2024, marking a significant increase from $4.45 million in 2023. The financial impact varies significantly by region, with breaches in the US averaging $9.36 million, followed by the Middle East at $8.75 million and Germany at $5.31 million.

Legal complexities, rising insurance claims, and the growing sophistication of attacks present challenges for organizations of all sizes, the report found.

Key findings:

• Increase in cybercrime complaints: In 2023, the FBI received over 880,000 cybercrime complaints, with reported losses exceeding $12.5 billion, a 13% rise compared to 2022.
• Rising ransomware costs: Ransomware attacks accounted for 58% of large claims in 2024, with the average cost per ransomware incident increasing to $432,000, up from $334,000 in 2023.
• Legal pressures and data breaches: The number of data privacy-related class action lawsuits in the US surged to over 1,300 in 2023, more than double the figure in 2022.
• Human vulnerabilities: Human error continues to dominate as a critical weakness, accounting for 75% of data breaches. Social engineering and phishing remain the most common attack methods, responsible for 44% of breaches.

“This latest research clearly indicates that organizations, regardless of size, must adopt a proactive and comprehensive approach to cybersecurity,” said Stu Sjouwerman, CEO of KnowBe4. “Cybersecurity cannot remain an isolated IT function. Instead, it must be embraced as a core component of organizational strategy, ensuring that technological risk management is backed by informed human defenses and comprehensive risk management practices, including cyber insurance.”

Small and medium enterprises (SMEs) are particularly vulnerable. Though their average incident costs – around $205,000 – are lower than those of large companies, the financial impact can be devastating. SMEs accounted for 98% of cyber insurance claims in a study that analyzed incidents from 2019 to 2023.

Call for action

The report advocates for a multi-faceted approach to mitigate these risks. This includes:

• Implementing phishing-resistant multi-factor authentication (MFA) and regular software updates.
• Conducting ongoing security awareness training for employees, which has been shown to reduce phishing susceptibility from 34.3% to 4.6% within a year.
• Partnering with insurers who prioritize proactive risk management strategies.

The full report is available for download on KnowBe4’s website.

Do you have something to say about the latest findings? Let us know in the comments below.