More organizations than ever subscribe to cyber insurance, yet the number of claims are plummeting, according to a new report by UK backup solutions provider Databarracks.
In its 2024 Data Health Check report, the firm found that 66% of UK organizations reported having cyber insurance in 2024, rising from 51% in 2022 and 57% in 2023.
However, organizations making cyber insurance claims dropped from 58% in 2022 to 36% in 2024.
The financial compensation organizations claim has also decreased, with claims over £1m ($1.3m) decreasing from 48% to just 16% in 2024.
Broader Adoption of Business Continuity Plans
Cyber incidents continued to wreak havoc in organizations and are the leading cause of IT downtime (24%) and data loss (46%) in 2024.
However, the Databarracks report also shows that organizations are more resilient than ever, particularly because they are well prepared to respond to cyber-attacks.
For instance, 82% of organizations said they have a business continuity plan in 2024, 57% reported that their plan is up to date.
In 2023, only 73% of respondents claimed to have such a plan and just 49% said it was up to date.
Additionally, three-quarters of organizations have a physical, logical or combined solution for air-gapping their backups.
This proves helpful since 54% of organizations managed to recover their systems from backups and didn’t need to pay the ransom in response to a ransomware attack.
“In previous years, the majority of organizations chose to pay out in the event of an attack,” said the report.
Stricter Cyber Insurance Policies to Fight Ransomware Growth
According to Databarracks, this better preparedness is the cause of the drop in cyber insurance claims.
James Watts, a managing director at Databarracks, also praised recent changes in cyber insurance coverage, which he said pushed organizations to raise the bar in their cyber defenses.
“As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter. The result was that the bar of preparedness was raised. That change has had a fantastic impact on businesses resilience,” he said.
Watts argued that contrary to what some believe, well-drafted cyber insurance policies are not incentives to pay ransoms but encourage victim organizations to step up their cyber defenses.
“Legislating and banning all payments is problematic for a number of reasons, so one of the few factors that could disrupt the growth of ransomware is this shift in the industry. The effectiveness of decryption tools can’t be guaranteed, so there are only two viable options. Pay the ransom or recover from backups,” he concluded.
Databarracks’ Data Health Check is an annual survey of 500 UK IT decision makers.
Read more: Understanding Business Resilience: There’s More to it Than Meets the Eye