January 6, 2022
We all read the headlines and know cybercrime against business is rising. Per Cybercrime Magazine, “cybercrime has a worldwide cost of $6 trillion in 2021 and may reach $10.5 trillion in 2025. If cybercrime were a country, it would be the world’s third-largest economy”. With the pandemic persisting and the workforce remote as a result, you can almost be sure of increased cyber-attacks. According to a study conducted at the University of Maryland, “on a global scale, an attack occurs every 39 seconds. Using scripts that try to guess usernames and passwords to get into a network, hackers target an increasing number of computers daily”.
Cybersecurity insurance is becoming a must-have staple policy to protect your business. Your insurance rate and policy coverage will depend on your current environment and the security processes in place. Typical sample questions asked when applying or renewing include:
Is Multifactor Authentication (MFA) always enabled on all email accounts using remote access?
Do you maintain daily offline backups for all of your critical data? What is the frequency of backups, the technology used, and other pertinent information?
Have you had a cyber security event in the past? If so, what was the resolution, and what steps have you taken to prevent future events?
Do you have a dedicated CISO or security team? It can be either in-house or through a vendor.
Do you conduct vulnerability scanning and penetration testing?
Do you provide annual training, including phishing training, for your employees?
What IT infrastructure controls do you have in place? What vendor tools do you use?
Have you developed a Business Continuity Plan, Disaster Recovery Plan, and Incident Response Plan?
To help you get the best rate and policy and avoid surprises, our security consultants can perform a security assessment. We use a proven methodology to assess your environment based on the Center for Internet Security (CIS) controls (the industry standard for cyber security). The CIS Controls list high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve their cyber defense. The CIS Controls map to most major compliance frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO 27000 series, and regulations such as PCI DSS, HIPAA, NERC CIP, and FISMA.
Our assessment compares your current processes against the controls, providing a snapshot of areas needing improvement and your score against the standard. We start by understanding your technical environment through a pre-assessment questionnaire and facilitated meetings. Once we have evaluated your environment, we provide a concise report showing your score in each area, with recommendations to improve your score. We can assist you in implementing the recommendations, or your IT team can take over. Either way, your cybersecurity risk is reduced by implementing the improvements, and your cyber insurance policy will cost less and cover more. Contact us today to learn more ways Dewpoint can help.