In a tightening market, CFOs are increasingly looking to pinch pennies. But there is one area that CFOs tell CFO Brew that they won’t ignore: cybersecurity.

In a recent study from Grant Thornton, cybersecurity ranked as CFOs’ top challenge in Q1. Due to the macro environment, CFOs are trying to improve their internal protection capabilities before disaster strikes. Cybersecurity risk ranked above supply-chain concerns, customer retention, and forecasting in the Grant Thornton study, which surveyed 274 senior finance executives from industries with between $100 million and $20 billion in annual revenue.

It’s all about risk: Some firms have invested in cyber-related insurance that covers data breaches and ransomware events. But, now the cost of that insurance is rising dramatically, John Pearce, principal in Grant Thornton’s Cyber Risk Advisory practice, said.

Direct-written premiums, or the way that insurance companies stay in business by receiving more than they pay out, have grown 92% year over year according to Fitch Ratings. In 2017, direct premiums hovered at around $1 billion; today, the number stands at $3.15 billion.

When CFOs factor that in, the cyber-costs are only growing, Pearce told CFO Brew. The average cyberattack can cost between ~$3 billion and $4.6 billion, according to IBM Security.

Companies won’t usually say how much they pay hackers in ransomware cases, but Pearce said, in general, they’re paying out in “the low millions of dollars” each time.