MDR usage reduces compensation for cyber attack by 97.5 percent

A study by Sophos shows that companies using MDR services have lower damage claims and recover faster after a ransomware attack.

Organizations that use Managed Detection and Response (MDR) services claim on average 97.5 percent less compensation after a cyber attack than organizations that only use endpoint security. This is shown by an independent study commissioned by Sophos on the impact of various security solutions on damage claims after a cyber attack. The average damage claim for an organization using MDR is $75,000. For organizations that only deploy traditional endpoint security, this increases to an average of three million dollars.

Lower Damage Claims

According to Sophos, the difference can be explained by the rapid detection and response time of MDR services. These work with an external team of specialists that monitor suspicious activities 24/7 and can intervene quickly. As a result, damage can be limited. Endpoint security, on the other hand, depends on local resources and expertise. Organizations that deploy EDR (Endpoint Detection and Response) or XDR (Extended Detection and Response) in addition to an endpoint solution also claim less on average.

In that case, the damage amount decreases to an average of $500,000, which is still significantly higher than with MDR usage. Additionally, the damage claims of MDR users are much more consistent. This makes the impact of attacks more predictable for both organizations and insurers. The claims of users of EDR/XDR tools, on the other hand, show more variation, which according to the research is because their effectiveness strongly depends on the internal capacity to respond quickly and adequately.

Faster Recovery

Not only are the damage claims lower with MDR usage, but the recovery time after a ransomware attack is also shorter. Organizations with MDR recover on average within three days. With EDR/XDR usage, that’s 55 days, and with traditional endpoint security, recovery takes an average of 40 days.

The research was conducted by Vanson Bourne on behalf of Sophos, and is based on 282 damage claims from 232 organizations worldwide. The participants used various solutions from a total of nineteen endpoint and fourteen MDR providers. All organizations also used Multi-Factor Authentication (MFA) at the time of the attacks.