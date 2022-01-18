By Sophos India, The cybersecurity sector continues to grow in India, with Forbes India reporting the nation is expected to spend up to $3 billion on cybersecurity in 2022. And it's easy to see why. According to the 2021 Sophos State of Ransomware Report, two-thirds (68%) of Indian organizations have been attacked by ransomware in 2021, with 66 percent of organizations paying an average of USD76,619.

It's clear to see cybersecurity as a focus among Indian businesses, and for good reason. Organizations are right to look at investing $3 billion (as a collective) in their cybersecurity infrastructure, however, it's important investments are made as part of a wider dynamic security strategy that is regularly reviewed and updated. A part of this strategy should include cyber insurance. Organizations must not fall into the trap of prioritizing cyber insurance ahead of all security measures; in fact, insurers may not provide insurance if an organization does not have adequate security measures in place. In addition, by investing and prioritizing security, it can become easier to get coverage, lower premiums, and remove barriers to payouts if you need to make a claim. Let's take a look at some of the key trends to be aware of in the cyber insurance market. The market will harden further Due to increased risks and loss ratios, it is becoming more difficult to obtain cover cheaply. As such, this is compelling organizations to better manage their cyber risks to lower premiums among insurance providers. This is an interesting comparison to how the market was not so long ago. Previously, businesses were able to select a competing provider with lower security requirements to get the protection they needed—that's no longer the case, with insurers having greater influence over cyber practices. More insurers are offering pre-breach security support Providing cyber insurance carries a level of risk for the insurance provider, something each provider needs to carefully manage. As such, a growing number of insurers are offering preventative cybersecurity support to reduce the chances of a breach. By providing this support, insurers are adding value to their customers, while reducing their own risk. This is of particular use and value for smaller organizations that don't have the same resources that larger entities do. Data collaboration could reveal dynamic risk details Data is key for insurers to quantify risks, and they're building partnerships to get it, which means they're getting a more accurate and dynamic view of the immediate threat landscape. This deeper level of understanding has the potential to lead insurers to develop "checklists", helping businesses tackle immediate threats. While useful, organizations must be careful not to focus solely on this guidance provided by insurers, ensuring their infrastructure has 360 protection; third-party security specialists should be sought if support is needed. For example, Sophos Managed Threat Response (MTR) provides unprecedented protection and support to your existing security team. Most managed detection and response (MDR) services simply notify you of attacks or suspicious events, leaving it up to security and IT teams to manage it from there. The issue with this is, what happens if the alert is not seen until the following morning? Cybercriminals aren't going to wait until Monday morning before attacking, they're well aware people take weekends and will often choose these quieter periods to attack. With Sophos MTR, your organization is backed by an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats. By utilizing services like Sophos MTR, you not only protect your organization from attacks but also show insurers you're doing so, therefore laying the platform to negotiate lower premiums. As well as directly improving security, having a policy as a safety net can be beneficial in the event of a large-scale security breach. Insurance can provide organizations with a quick transition for recovery from major attacks. However, insurance should only be implemented as part of a wider strategy that prioritizes detection and protection, ahead of response and mitigation. To learn more, go to sophos.com

