A quarter of businesses with standalone cyber insurance act quicker

About 37% of enterprise respondents secured $100m or more in coverage.

Standalone cyber insurance, whilst not widespread, is increasingly viewed as a critical tool for risk transfer in today’s digital business environment. Organisations with standalone cyber insurance are more likely to invest in comprehensive security strategies, including the adoption of Zero Trust architectures, a recent report by Forrester revealed.

These organisations also demonstrate better incident detection, response, and recovery times compared to those with cyber coverage embedded within other business insurance policies or those without any cyber insurance.

The report suggests that enterprises with more complex IT environments and those holding large volumes of customer data are more inclined to opt for higher coverage amounts, with 37% of enterprise respondents securing $100m or more in coverage, Forrester’s Security Survey, 2023 showed.

Forrester's findings also indicate a strategic shift towards cyber insurance as a priority for business risk management. According to the 2024 Priorities Survey, 12% of global business and technology professionals plan to purchase standalone cyber insurance policies as a key action to mitigate enterprise risk.

The report further reveals that enterprises with standalone cyber insurance tend to have better cybersecurity outcomes. For example, 25% of organisations with standalone cyber policies report detecting cyber incidents within seven days, compared to 18% of those with cyber coverage within another policy. 

Similarly, 29% of these organisations respond to incidents within seven days, a significantly better rate than those without standalone policies.

Moreover, the report emphasises that cyber insurance carriers often require policyholders to select service providers from pre-vetted panels. Among enterprise respondents with cyber insurance, 69% indicated that their insurers required them to use such panels for services like digital forensics, incident response, and ransomware negotiations.