Cyber insurance claims are declining as firms take ransomware recovery into their own hands

Cyber Insurance concept image showing stacked dollar bills placed upon a cliff edge.
(Image credit: Getty Images)

While more organizations than ever have cyber insurance, the number of claims is falling as companies refuse to make ransom payments and tackle recovery themselves.

According to Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – two-thirds report having insurance specifically for cybersecurity in 2024, up from 51% two years ago.

However, just 36% made a claim this year, down from 58% in 2022. The size of claims has also fallen: the share of claims exceeding £1 million dropped from 48% to just 16% in 2024.

Databarracks attributes these numbers to a rise in successful ransomware recoveries. In previous years, the majority of organizations chose to pay the ransom in the event of an attack.

That has changed drastically so far in 2024, with twice as many organizations recovering from backups as paying the ransomware groups’ demands.

"We have long speculated about the negative effect of cyber insurance policies on ransomware. Organizations were incentivized to pay ransoms instead of refusing, leading to a vicious cycle of payments. The nascent cyber insurance market suddenly became unsustainable," said Databarracks managing director James Watts.

"But then things changed. As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter. The result was that the bar of preparedness was raised. That change has had a fantastic impact on businesses' resilience."

Cyber insurance is prompting an overhaul in security

Insurers are increasingly asking prospective clients whether their backups are separated and air-gapped from production data, whether those backups are encrypted, and whether the organization has a business continuity plan and has tested its recovery.

"It encourages organizations to meet industry standards for resilience. As insurers become increasingly strict about their requirements, the importance of thoroughly tested business continuity plans – as well as immutable, air-gapped backups – is reinforced," said Watts.
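The questionnaire items above (separate, immutable backups and a tested recovery) are easiest to satisfy when the restore test is automated rather than a once-a-year exercise. The following is an added example, not code from the article or from Databarracks: a restore drill that verifies a restored tree against a manifest of file hashes signed at backup time. The HMAC key, file names and contents are constructed for the example; the assumption is that the key lives in a vault outside the backup set, so an attacker who can rewrite the backup cannot also rewrite the manifest that describes it.

```python
"""Restore drill: verify a restored backup against a signed manifest.

Added example, not from the article. Assumptions: the backup job writes a
manifest of SHA-256 hashes for every file and signs it with an HMAC key held
in the key vault, outside the backup set, so a tampered backup cannot carry a
matching manifest.
"""
import hashlib
import hmac
import json
import os


def build_manifest(root):
    """Map relative path -> SHA-256 hex digest for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            manifest[rel] = h.hexdigest()
    return manifest


def sign_manifest(manifest, key):
    """HMAC-SHA256 over canonical JSON so the file list itself is tamper-evident."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_restore(restored_root, manifest, signature, key):
    """Run the drill on a restored tree.

    'ok' is True only when the manifest signature is valid and every listed
    file is present with the recorded hash. Extra files are reported but do
    not fail the drill.
    """
    report = {"ok": False, "signature_valid": False,
              "missing": [], "changed": [], "extra": []}
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return report  # manifest is not trustworthy; do not proceed
    report["signature_valid"] = True
    actual = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in actual:
            report["missing"].append(rel)
        elif actual[rel] != digest:
            report["changed"].append(rel)
    report["extra"] = sorted(set(actual) - set(manifest))
    report["ok"] = not (report["missing"] or report["changed"])
    return report


def run_drill_demo():
    """Constructed fixture: back up a tiny tree, restore a copy and verify it,
    then corrupt one restored file and verify again, then try a forged
    signature. Returns the three reports."""
    import shutil
    import tempfile
    key = b"demo-key-from-vault"  # constructed; a real key comes from the vault
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "prod")
        os.makedirs(os.path.join(src, "db"))
        with open(os.path.join(src, "db", "orders.sql"), "w") as f:
            f.write("INSERT INTO orders VALUES (1, 'widget');\n")
        with open(os.path.join(src, "config.yml"), "w") as f:
            f.write("retention_days: 30\n")
        manifest = build_manifest(src)
        sig = sign_manifest(manifest, key)

        restored = os.path.join(tmp, "restore")
        shutil.copytree(src, restored)
        clean = verify_restore(restored, manifest, sig, key)

        with open(os.path.join(restored, "db", "orders.sql"), "a") as f:
            f.write("-- modified after backup\n")
        tampered = verify_restore(restored, manifest, sig, key)

        forged = verify_restore(restored, manifest, "00" * 32, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, rep in zip(("clean", "tampered", "forged"), run_drill_demo()):
        print(label, rep)
```

Running the drill on a schedule, against a restore into an isolated environment rather than production, turns "have you tested your recovery?" into a yes backed by a log of passing and failing runs.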

"This is the influence we hope insurance can have on the cyber landscape. Legislating and banning all payments is problematic for a number of reasons, so one of the few factors that could disrupt the growth of ransomware is this shift in the industry."

Insurers’ growing insistence that clients improve their resilience is also affecting premiums, according to recent research.


Analysis from Howdens in July, for example, found that improved cyber hygiene among insured organizations has played a critical role in preventing attacks and limiting their impact, which in turn has pushed premiums down.

Similarly, a survey by Sophos found that virtually every organization that had taken out an insurance policy said it had invested in its security capabilities with the explicit goal of improving its insurance position.

Three-quarters of respondents to Sophos’ survey said this investment enabled their organization to qualify for coverage, while two-thirds said it enabled them to obtain better-priced coverage.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.