Why backups are key to driving down cyber insurance premiums

Obtaining affordable cyber insurance has been tough over the last couple of years. According to reports, insurance payouts have exceeded 70% of premiums, largely driven by ransomware.

The 2024 Crypto Crime Mid-Year Update reveals that 2024 is set to break records. This is due to ransomware gangs resorting to ‘big game hunting’ and pursuing fewer targets that provide bigger yields. The size of ransoms being paid is almost eight times bigger than in 2023, and attacks are becoming more frequent.

As a result, around a fifth of insurers elected to remove ransomware protection altogether in 2023. Others have chosen to cap payments. This has changed how policies are underwritten. There is now a much greater emphasis on resilience and on the need for organisations to meet certain criteria, for example by improving their cyber hygiene. Some policies are even being customised to the cyber posture of the business.

A key focus has been data storage and backup strategies. If the business can recover its data, it significantly reduces the impact of a ransomware attack, enabling it to resume business as usual.

A striking 46% of respondents now consider a robust backup policy the most important factor for meeting cyber insurance compliance. It is a substantial increase from 28% in 2023. These numbers come from the 2024 Apricorn Annual Survey of IT decision makers and demonstrate a growing awareness of the role effective backup can play in mitigating the effects of such attacks.

There are no guarantees

It’s a reality that paying a ransom doesn’t necessarily guarantee that the business will get its data back. The 2024 Ransomware Trends report found that over a quarter (28%) of companies could not recover their data after paying the ransom.

In line with this, the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have openly stated that paying a ransom is not advisable. It is also not an acceptable way to deal with a breach and to recover data.

But there’s another alarming development. The same report reveals that 96% of ransomware attacks are now aimed at backup repositories. Attackers are seeking to cut off recovery to force companies to pay.

The Apricorn survey found that automated backup to central and personal repositories has surged to 30%, up from 19% the year before. It shows that backup rates are on the increase. However, with ransomware gangs now targeting backups, it’s even more critical that the data being backed up is encrypted. Additionally, at least one copy should be kept offline.

Encryption ensures that if the backup is compromised, it remains unreadable. Thankfully, IT decision-makers are well aware of its importance. When asked what tools and strategies they currently incorporate into employee usage policies to meet cyber insurance compliance, the Apricorn survey found that 74% said they encrypted storage at rest (35%) and on the move (39%). Both of these ranked in the top five.

Hardware-based rather than software-based encryption can often prove more robust. There is no way to subvert the encryption of the data, such as through man-in-the-middle or brute-force attacks.

Multi-layered backup

The Apricorn survey also revealed the need to employ a proven backup strategy. It showed that even with backup in place, a third could not make a full recovery. A multi-layered backup policy can help resolve this by providing belt and braces protection. The idea is to adopt the 3-2-1 rule. Three copies of the data are stored on at least two different media, one of which should be offsite (ideally offline).

It’s also vital to test this backup capability regularly, at least once a month. These tests can then prove to an insurer that the backup channels are functioning. This is important because maintaining a set level of security best practice is key should the business need to submit a claim.
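The 3-2-1 rule, the encryption requirement and the monthly restore test described above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any Apricorn tooling; the inventory fields, copy names and the 31-day window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str                            # hypothetical copy label
    media: str                           # e.g. "nas", "cloud", "usb"
    offsite: bool
    offline: bool                        # not reachable from the network
    encrypted: bool
    last_restore_test: Optional[date]    # None means never tested

MAX_TEST_AGE = timedelta(days=31)  # assumption for "at least once a month"

def audit(copies, today):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: copies sit on fewer than 2 media types")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    if not any(c.offline for c in copies):
        findings.append("no offline copy: every copy is network-reachable")
    for c in copies:
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif today - c.last_restore_test > MAX_TEST_AGE:
            age = (today - c.last_restore_test).days
            findings.append(f"{c.name}: last restore test {age} days ago")
    return findings

# Constructed sample inventory (not real data).
TODAY = date(2024, 11, 30)
SAMPLE = [
    BackupCopy("nas-nightly", "nas", False, False, True, date(2024, 11, 20)),
    BackupCopy("nas-weekly", "nas", False, False, True, date(2024, 9, 1)),
    BackupCopy("cloud-bucket", "cloud", True, False, False, None),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TODAY):
        print("FAIL", finding)
```

Kept with dated output, the findings list doubles as the evidence of regular testing that the article says an insurer will want to see.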

Will increased regulation raise premiums?

Regulation will increase the focus on ransomware and drive further demand for cyber insurance. The Cyber Security and Resilience Bill, due to be put before parliament in 2025, will compel those in scope to disclose ransomware attacks. They were not obliged to do so under the Network and Information Security (NIS) directive.

If the Bill follows the same path as NIS2 on the continent, which came into effect in October, it will also apply to a far wider gamut of industries, all of which will need to satisfy the requirements. These organisations are also likely to look to underwrite any investment in risk management and incident response. They will also want to protect themselves against the risk of non-compliance and attack, driving demand.

Such demand could potentially push up premiums. It may seem like a chicken and egg problem, but businesses can reduce that cost by proactively investing in cyber hygiene, putting in place tried and tested backup processes and encrypting data as standard. These steps will deliver the evidence needed to demonstrate that the business has done its due diligence in protecting itself and its data, reducing the level of risk on behalf of the insurance provider.


Apricorn

Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.
