Over the past few years, cyberattacks have increased in number and complexity, and the cost to recover from an incident has increased as well. The average cost for a company to recover from a ransomware attack is $1.82 million, according to Sophos Guide to Cyber Insurance, 2023. That’s a substantial hit for any size company. 

So it’s easy to understand why companies now view cyber insurance as a necessity — and why insurers are more selective about the companies they insure. Insurers need to know that their customers have a strong defense against cyber threats. As a result, most insurers have established strict standards that companies must meet to qualify for cyber insurance, such as using multifactor authentication, backing up data, and knowing where the endpoint vulnerabilities are. 

But maybe the most important thing a company can do to qualify for cyber insurance is to work with a trusted managed detection and response (MDR) provider.

The Value of MDR

MDR is a 24/7 solution provided by cybersecurity experts who monitor, detect, and respond to cyber threats in a way that technology alone can’t. An MDR provider can help your company reduce the risk of a cyberattack, shorten dwell time if there is an attack, and stay in regulatory compliance. Plus, your MDR provider can facilitate the cyber insurance process when applying for a new policy or renewing your existing one.

Reduces the Risk of a Cyber Attack

Companies of every size and industry are at risk of a cyberattack. In fact, in Sophos’ annual ransomware study in 2023, 66% of participants said they were hit by a ransomware attack the prior year. 

MDR reduces the risk of a cyberattack by responding to alerts and proactively monitoring networks, logs, endpoints, and clouds to hunt down would-be intruders before they can cause damage. Full visibility is key to a strong cybersecurity defense. True MDR providers have a holistic view of the threat landscape, with no gaps in visibility, to protect their clients from potential attacks 24/7. 

In a recent interview with The Insurer TV, Doug Howard, CEO at Pondurance, discussed why visibility is so important to cyber insurers. “We’re going to catch things right when we’re starting to see suspicious activity, before it actually has an impact,” said Doug. This ability to detect and shut down that activity in real time can mean the difference between having to file an insurance claim or not.

“[MDR] provides the highest level of protection against cyberthreats, minimizing the risk and the likelihood of making a claim,” according to the Sophos guide. “While rarely a make-or-break requirement for coverage, organizations that use MDR services are often considered ‘Tier 1’ customers by insurers, as they represent the lowest level of risk.”

Shortens Dwell Time if there is an Attack

The average time it takes to identify and contain a data breach is 277 days, according to IBM Security’s Cost of a Data Breach 2023. As your company may well know, substantial damage can occur during that time frame. The longer a bad actor has access to your network, the greater the potential harm — and insurers want to limit that harm as much as possible. 

Partnering with an MDR provider that detects threats in real time can significantly reduce dwell time, the time from when bad actors enter an environment until they are removed. Most MDR providers can tout that their clients don’t get breached. But when they do, within minutes, they can help their clients to stop the attack from spreading. Responding quickly to an attack can significantly reduce the impact of an attack and lower the cost of recovery.

“[MDR] allows a customer to lower their dwell time, so if something gets in their environment, hopefully it is a very short time before it’s detected,” said Doug. He estimates that a company without humans monitoring the infrastructure 24/7 and without sophisticated tools in place may take six to 12 months to detect a threat. MDR can greatly minimize that time frame.

Ensures Compliance

A cyberattack can be costly, but it also compromises the identities and sensitive information of customers, in violation of privacy laws. According to the IBM Security report, personally identifiable information, such as Social Security numbers and birthdates, was included in 52% of all breaches in 2023, and companies paid an average of $183 per lost or stolen record. 

Due to the increase in cyberattacks, many state and federal regulations, such as HIPAA, the Cybersecurity Maturity Model Certification, and the New York Department of Financial Services regulation, now require companies to stay compliant with cybersecurity standards. Also, third-party vendors and suppliers often write cyber requirements into their contractual agreements. Keeping up with these compliance standards can be a daunting challenge, particularly for small and medium-size businesses. 

But an MDR provider can help your company meet its compliance requirements in multiple ways. A provider can keep your company current on any existing regulations and update on any new rules or amendments. The provider can conduct user awareness training to educate employees about how to stay safe from phishing, business email compromise, malicious downloads, and more. Plus, if a breach does occur, your company will have access to a digital forensics and incident response team to help you rapidly recover from the incident and reduce the cost of your loss — and your insurance claim.

Facilitates the Cyber Insurance Process

Cyber insurers are indeed being more selective about the companies they choose to cover. Sixty percent of companies with cyber insurance stated that the quality of their cyber defenses impacted their ability to get coverage, according to the Sophos guide. And the companies that do receive coverage are paying more.

Having an MDR provider can lower your company’s cyber risk, putting you in a better position to receive coverage at a competitive price. In addition, when it’s time to get a new policy or renew your existing one, an MDR provider can help ensure that your company has comprehensive coverage, without unexpected exclusions, for your specific needs.


More and more, insurers are establishing strict standards for companies to qualify for cyber insurance, but having MDR can make an impact on your company’s ability to qualify. An MDR provider can reduce your risk of a cyberattack, shorten your dwell time if there is an attack, and help you stay in regulatory compliance. That way, your company has a better likelihood of securing cyber insurance — and your company stays better protected against cyber threats.

Doug Howard discusses the impact MDR is making on insurance claims in his interview with The Insurer TV. Watch the video here.