The average amount of compensation claimed by organisations using managed detection and response (MDR) services is 97,5% lower than that of organisations using endpoint solutions.
This is according to a new study from Sophos, which finds that the median claim for MDR services users is just $75 000, compared with $3-million for organisations using endpoint security alone.
In other words, when they are the victims of an attack, endpoint-only users generally claim 40 times more than MDR service users.
The lower claims of MDR customers are likely due to the ability of MDR services to quickly detect and block malicious activity, and repel attackers before they can cause serious damage, according to the study.
Bruno Durand, vice-president of sales for southern Europe at Sophos, says: “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options.
“At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place.
“This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”
The study suggests there is also an advantage to using an endpoint detection and response (EDR) or extended detection and response (XDR) tool alongside an endpoint solution. The average claim for users of EDR/XDR tools is only one-sixth of that for users of endpoint solutions ($500 000 versus $3-million).
The study reveals that claims from users of MDR services are the most predictable, while those from users of EDR/XDR tools are the least predictable.
Recovery times vary depending on the solution used by organisations: users of endpoint solutions are positioned “in the middle of the table”, with an expected recovery time of 40 days. Users of EDR/XDR tools are the slowest to recover, with an expected recovery time of 55 days.
MDR service users are the fastest to recover from a ransomware incident, with an expected recovery time of just three days. These results demonstrate the ability of an MDR service to significantly reduce the impact of cyberattacks on organisations.
They also reveal the highly unpredictable recovery times experienced by users of EDR/XDR tools. Nevertheless, it’s important to remember that EDR/XDR solutions are tools and, as such, their effectiveness and impact depend on how they are used.
Sally Adam, senior director: solution marketing at Sophos, concludes: “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not.
“These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”