Singapore leads in cyber insurance with 96% adoption rate

About 76% of businesses reinforced cyber defences to qualify for insurance.

Globally, Singapore showed the highest cyber insurance adoption rate at 96% with a standalone policy adoption rate of 68%, a Sophos survey revealed.

Other countries in the region included were India and Japan with 96% and 87% adoption rates, respectively.

Nearly every organisation (99.6%) that improved its cyber defences reported a positive impact on their cyber insurance position. 

Over three-quarters (76%) of respondents stated that their investment in cyber defences enabled them to secure insurance coverage that would otherwise have been unattainable.

“The fact that 76% of companies invested in cyber defences to qualify for cyber insurance shows that insurance is forcing organizations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall,”  Chester Wisniewski, director, global Field CTO said in a media release.

“However, whilst cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defences. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that” Wisniewski added.

Two-thirds of organisations accessed better-priced coverage, including cheaper premiums or lower deductibles, due to their improved cyber defences, according to the “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.”

However, 30% of respondents reported that their enhanced protection allowed them to obtain better terms, such as higher coverage limits.

It also confirmed that 90% of organisations with 100-5,000 employees have some form of cyber insurance. Half of these organisations have standalone policies, whilst 40% include cyber coverage in a broader business insurance policy. 

Revenue size has minimal impact on having coverage, with 92% of those earning under $50m annually and 93% of those with over $1b annually being insured. 

Adoption rates by industry show the highest rate in the energy, oil/gas, and utilities sector at 97%, with 68% using standalone policies. This sector faces high regulation and potential liability, along with legacy technology issues. The central/federal government and IT sectors have the lowest adoption rates at 81%.

Organisations cite various reasons for adopting cyber insurance: 48% for general awareness of cyber threats, 45% as part of a cyber risk mitigation strategy, and 42% due to client or partner requirements. Senior management requests influence 38% of purchases, while regulatory requirements motivate 34%.

By industry, energy, oil/gas, and utilities sectors have the highest purchase rate due to business requirements (49%), while the media, leisure, and entertainment sectors have the lowest (31%).

Nearly all organisations that purchased cyber insurance last year also invested in improving their cyber defences. Energy, oil/gas, and utilities sectors made the most significant investments (73%), reflecting their legacy technology challenges and critical infrastructure risks. Government sectors reported the lowest levels of major investments, possibly due to budget constraints.

Insurers usually pay out on claims but rarely cover the full incident cost. The most common reason for incomplete coverage is exceeding policy limits (63%). 

On average, insurers cover 63% of total incident costs, with the modal payout rate being 71-80%. Organisations should ensure their policies provide adequate coverage and follow policy requirements to avoid denied claims.

“Investments in cyber defences appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can be diverted into other defences to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution.” concluded Wisniewski.