U.S. cyber insurers increased their premiums by an average of 96% year-over-year in 2022 alone, and many clients have increased retentions in an effort to keep CLI costs in check. Insurers have also instituted rigorous new requirements to evaluate companies’ security controls before extending coverage.
Global Cyber Market finally began to stabilize in the Q4 2022, largely thanks to renewed competition between markets, a decrease in median ransomware payments during the first half of the year and organizations stepping up their technological controls. In this article we will look back at 2022 and discuss what organizations can expect in 2023 (see Top Cybercrime Predictions for 2023).
Cyber insurers now expect cyber liability insurance policyholders to implement essential security controls to reduce risk.
Reported ransomeware incidents and their severity have skyrocketed in recent years, with monetary estimates of global 2020 cyberattack losses at around USD 945 billion. The types of attacks and targeted sectors have also evolved.
Here are 5 of the most important security controls you should have in place to reduce the risk of a cyber incident and, ultimately, lower the risk for your insurer. Putting these practices in place will greatly increase the odds that you’ll be approved for cyber insurance (see Biggest Cyber Unicorn Startups in the World).
1. Multifactor authentication
Passwords are susceptible to being stolen, guessed, improperly shared, socially engineered and hacked by brute force. Many ransomware and other cyberattacks rely on compromised passwords to penetrate systems.
By requiring one or more additional authentication factors — such as a biometric identifier, mobile app, phone number or security token — multifactor authentication (MFA) makes it tougher for hackers to gain entry and greatly reduces authentication-related risk.
In today’s market, it’s highly unlikely you’ll be approved for cyber insurance if you don’t have MFA in place on your most critical systems (see Global Cyber Crime, Fraud & Ransomware Survey). These include email, VPNs, cloud services, core business systems (such as accounting/ERP and CRM) and industry-specific systems (asset management, medical records, R&D applications holding intellectual property, and so on).
2. Endpoint detection and response
Endpoints like laptops, tablets and smartphones are popular targets for cyberattacks because they frequently offer a pathway to an organization’s networks. Endpoint detection and response (EDR) continuously monitors these devices to detect, alert and respond automatically to incidents.
EDR’s focus is on the continuous monitoring of real-time endpoint activity, in-depth analysis of suspicious processes and response to incidents and breaches. For example, EDR helps security teams spot anomalies that might otherwise go unnoticed and blocks threats before they can spread.
3. Patch management
Cybercriminals love to target known vulnerabilities in outdated software, especially as a ransomware attack vector. This makes a patch management program imperative to keep devices on the latest version of software and firmware to prevent a breach (see TOP 15 U.S. Cyber Insurance Companies).
Besides eliminating security vulnerabilities and reducing risk, a solid patch management program also helps improve system uptime and maintain compliance with regulations like HIPAA and PCI DSS, as well as gives users timely access to new features. Patch management is supported by endpoint management and other IT asset inventory tools because you can’t patch what you don’t know exists.
4. Identity and access management
Credentials are among the top data types stolen by hackers, and hacked credentials lead to more data breaches than any other source. This makes identity and access management (IAM) a focus on many insurers’ due diligence questionnaires (see 10 Basic Tips to Avoid a Potential Victim of Ransomware).
IAM is a set of policies, processes and technologies that help businesses manage digital identities and control user access to sensitive data.
By assigning specific roles to users and making sure they can access only the data and networks they need for their jobs, IAM reduces cyberrisk associated with key initiatives like mobile/remote working and moving applications to the cloud.
5. Secure backup procedures
Many ransomware attacks target backup data, and a top reason for paying a ransom is a lack of recoverable backups. No wonder many underwriters are demanding that businesses implement immutable backups that cannot be encrypted, modified or deleted. Even better is an immutable backup scheme that is also isolated (air-gapped/offline) from the local network.
Following a rise in ransomware insurance losses in 2021 and 2022, the insurance industry is more diligently assessing clients’ cyber risk profiles in a bid to incentivize companies to improve cyber security and risk management controls.
Cybercriminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year, when scammers are particularly active.
Reported ransomeware incidents and their severity have skyrocketed in recent years, with monetary estimates of global 2020 cyberattack losses at around USD 945 billion. The types of attacks and targeted sectors have also evolved.
Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true.
…………….
AUTHOR: Tony Anscombe – Chief Security Evangelist for ESET