Study: Cyber Breach Recovery Times Exceed Insurance Coverage
Companies are taking 7.3 months to recover from cyber security breaches, according to research by Fastly, a cloud computing services provider. The recovery period exceeds initial estimates by 25%, creating a gap between insurance coverage and actual costs.
The extended recovery timeline represents a change in the cyber threat environment, where the complexity of attacks requires longer remediation periods. The financial impact extends beyond immediate system repairs to include business interruption and reputational damage.
This trend affects organisations across sectors, with recovery periods now stretching beyond half a year. The duration creates challenges for business continuity planning and risk management strategies.
Marshall Erwin, Chief Information Security Officer at Fastly, says: "Full recovery from breaches is not getting any faster. The revenue, reputation and time lost damages business relationships permanently and drains resources from other areas of the business."
Data from Sophos, a cyber security software company, indicates the average cost of recovery from ransomware attacks - where criminals encrypt company data and demand payment for its release - has increased by £2.15m (US$2.73m) in the past year, marking a 50% rise.
The extended recovery periods create operational challenges beyond direct costs. Companies face disruption to customer services, supplier relationships and internal processes during the remediation phase.
Insurance market response
The insurance market is struggling to keep pace with these escalating costs. Research from Sophos shows 99% of companies filing cyber insurance claims report their policies failed to cover all recovery costs. The primary reason for this shortfall is that total recovery expenses exceed policy limits.
Insurance providers are reassessing their coverage models in response to the changing risk landscape. The gap between policy limits and actual recovery costs raises questions about the sustainability of current cyber insurance products.
Organisations are responding by increasing their security budgets. Fastly's research indicates 87% of firms plan to raise investment in security tools in the next 12 months, an increase of 11% from the previous year.
The research reveals that 50% of cyber security decision-makers express concern about their preparedness for future attacks, despite increased investment in protective measures.
"We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects."
Responsibility for cyber security is spreading across organisations. Platform Engineering teams now handle 8% of cyber security incidents, compared to Chief Information Security Officers at 14% and Chief Information Officers at 12%.
This distribution of responsibility marks a shift from traditional security models, where cyber defence sat within dedicated information security teams.
"We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects," Marshall says.
Make sure you check out the latest industry news and insights at InsurTech and also sign up to our global conference series - FinTech LIVE and InsurTech LIVE
InsurTech is a BizClik brand
- Allianz: Insurers Focus on Growth Despite Compliance HurdlesDigital Strategy
- Insurers Face Legacy System Exodus as Climate Risk GrowsTechnology & AI
- Capgemini: Insurers Struggle to Extract Value From CloudDigital Strategy
- LexisNexis and TransUnion Partner on Insurance AffordabilityInsurtech