Organisations Without Cyber Insurance Report Incident Costs 69% Higher Than Those That Do, Finds S-RM

Cybersecurity
19.12.2023 10:55 am

In the annual Cyber Security Insights Report 2023, global corporate intelligence and cyber security consultancy S-RM has found that the direct cost of a cyber incident has increased by 11% in 2023 to an average of $1.7m.

The report found this average rises to $2.7m among organizations without cyber insurance, demonstrating the increased risk faced by companies that do not have adequate insurance in place.

Organizations surveyed reported that the top three factors contributing to growing cyber incident costs are increased insurance premiums (37%), operational downtime (36%), and recovery and response costs (32%).

Bigger risk for bigger firms

S-RM’s research shows large organizations in particular should make sure they have invested in cyber insurance, with 30% of companies with a revenue between $500m and $1bn experiencing a ransomware attack in 2023, compared to 40% of larger companies with a revenue between $10bn and $25bn.

The risk is higher amongst larger organizations because they are more likely to hold greater volumes of sensitive data, and often have broader operational footprints which are harder to govern consistently.

Jamie Smith, Board Director, and Head of Cyber Security at S-RM, commented:

“It almost goes without saying that the larger the organization, the bigger the target it has on its back. However, most of these sizeable companies will have much more expansive budgets that they could, and should, be putting towards cyber security. Paying a regulatory fine, facing increased premiums, or recovering from downtime all carry a far higher cost than ensuring you have adequate cyber budget allocated.”

Paul Caron, Head of Cyber Security, Americas, at S-RM, added:

“For many companies and organizations, cyber insurance has far exceeded being just a ‘nice to have’, and our most recent data shows exactly why it is so essential to be properly insured against cyber incidents and data breaches. Premiums may be rising, but without adequate insurance, the regulatory, reputational, and downtime risks are far higher – businesses must take note.”