Have You Reviewed Your Cybersecurity Insurance Policy?

Coverage Loopholes

Cybersecurity rates are increasing while coverage is decreasing. Per the Wall Street Journal, “Direct-written premiums collected by the largest U.S. insurance carriers in 2021 swelled by 92% year-over-year”. Most of the increase is due to the sophistication of the attacks, higher ransomware payment demands, and the number of attacks. The State of Ransomware 2021 global survey (per Sophos) includes the following chilling facts:

  • The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now ten times the size of the ransom payment, on average.
  • The average ransom paid was $170,404. While $3.2 million was the highest paid out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
  • The number of organizations paying ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all their data.

All this bad news results in cybersecurity insurance increases for your organization. 

Steps you can take to get the most value out of your cybersecurity insurance

Review your cybersecurity posture – take a self-assessment against the CIS Critical Security Controls (CIS Controls). Seeing how your organization ranks against the controls can provide a snapshot of focus areas for improvement before obtaining or renewing your cybersecurity policy. If you aren’t sure where to start with the assessment or need help implementing improvements, Dewpoint’s cybersecurity experts are here to assist.

Review your data – the more highly sensitive data your organization holds, the greater the risk. Taking the simple step of reviewing your data can reduce your premium. Determine whether you need the data to conduct your business, and review the best way to safeguard it through additional security and by limiting access to critical employees. If you need to print the information, make sure the paper is kept in a locked cabinet and office and destroyed by a secure method. If it is all virtual, use encryption software for email and limit file-sharing capabilities.

Review your policy for loopholes – most insurance policies do not cover “an act of war.” If a ransomware attack occurs because of the current Russian invasion of Ukraine, would you be covered? It’s an excellent question to ask your provider, given the uncertainty in our world, and determine the definition of “war.” For more information on different types of insurance and what they cover, click here.

What’s Next?

Navigating through the cybersecurity insurance maze can be a daunting task. Dewpoint can help by starting with an assessment to identify gaps in your current environment and recommendations to reduce those gaps. Organizations with poor security controls may be uninsurable or unable to afford a policy if available. Reach out to one of our security experts to help you get the most value out of your cybersecurity insurance and increase your overall security posture.

Five Steps to Lowering Your Cyber Insurance Premium

Increasing Attacks and Higher Premiums

Protecting your company’s assets in case of a cybersecurity breach is critical. Most organizations choose to buy cyber insurance to cover the cost of paying ransomware and recovering from an attack. With the continued threat of cyber-attacks, insurance premiums continue to rise, and coverage is decreasing. Per Gartner, “Less than one in five organizations spent the past 12 months without experiencing any phishing attack”.

Emerging Threats

Attackers are becoming more sophisticated, and new trends have emerged, such as:

  • Optimizing ransomware delivery by using “known good” cloud applications, such as enterprise productivity software as a service (SaaS) suites, and using encryption to hide their activities.
  • Combining ransomware with other techniques, such as distributed denial of service (DDoS) attacks, to force public-facing services offline until organizations pay a ransom.
  • Targeting individual employees, particularly those working remotely using potentially vulnerable remote access services like Remote Desktop Protocol (RDP).
  • Using multichannel phishing approaches that combine social engineering, voice, text message, email, and web attacks in a single campaign.

With the evolution of cyber threats, insurance is becoming a vital part of protecting your company’s assets.

Controlling Your Insurance Costs

Insurers review specific standards to determine your cybersecurity risk. The better your company scores, the lower your insurance premium. Below are five typical areas the insurer examines and steps your company can take to improve your score.

Enhanced Employee Training

Although most organizations require regular phishing training, training alone is not adequate. In this area, “one size does not fit all.” Instead, it is best to use a mix of small-scale, targeted phishing tests based on employees’ roles, ages, and work-from-home practices. In addition, you must train users to use good judgment, particularly in the difficult task of detecting imposters who request work-related activity.

Upgraded Multi-Factor Authentication (MFA)

Employees continue to reuse passwords, thus allowing account takeovers. A Harris Poll found that 78% of Gen Z users have the same password across multiple accounts. Hackers use “credential stuffing” (replaying existing credentials gathered from public breaches) to access your systems. If MFA is not deployed in your organization, deploy it immediately. If you already have MFA, don’t allow it to be skipped based on a single signal. To further reduce risk and improve your cybersecurity insurance rating, implement two-factor authentication (2FA) to provide an extra level of security.
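As an added illustration of the credential-stuffing pattern described above (this is example code, not from the original article or from Dewpoint), the following Python script scans authentication log lines for a single source address cycling through many distinct usernames with mostly failed logins, which is the signature a defender looks for. The log format, the thresholds, and the sample lines are constructed assumptions for the example.

```python
"""Flag credential-stuffing patterns in authentication logs.

Added example, not part of the original article. Assumes a constructed
log format "<timestamp> <source_ip> <username> <result>", where result is
SUCCESS or FAILURE. Window and threshold values are illustrative.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one address trying six different usernames in a
# few seconds (one succeeds), plus a normal user who mistypes once.
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.7 alice FAILURE
2024-03-01T09:00:02 203.0.113.7 bob FAILURE
2024-03-01T09:00:03 203.0.113.7 carol FAILURE
2024-03-01T09:00:04 203.0.113.7 dave SUCCESS
2024-03-01T09:00:05 203.0.113.7 erin FAILURE
2024-03-01T09:00:06 203.0.113.7 frank FAILURE
2024-03-01T09:10:00 198.51.100.20 alice FAILURE
2024-03-01T09:10:30 198.51.100.20 alice SUCCESS
"""


def parse_log(text):
    """Return a list of (timestamp, ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.6):
    """Return {ip: summary} for source addresses that attempt at least
    `min_users` distinct usernames inside `window` with a failure ratio of
    at least `min_fail_ratio`. Successful logins inside such a burst are
    reported as likely-compromised accounts that need a password reset."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        # Sliding time window over this address's events, oldest first.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, r in win if r == "FAILURE")
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                # Keep the widest qualifying window seen for this address.
                if ip not in findings or len(users) > findings[ip]["distinct_users"]:
                    findings[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "failures": failures,
                        "compromised": sorted(u for _, u, r in win if r == "SUCCESS"),
                    }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {summary}")
```

The normal user at 198.51.100.20 is not flagged because one person retrying one account is not stuffing; the flagged address is reported together with the account that succeeded, which is the one to force a reset and an MFA challenge on.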

Following Backup Processes and Procedures

Ransomware often corrupts the production environment and backups. Appropriate controls are needed to ensure backups remain viable after a ransomware or malware attack. Employing strict processes and procedures can help you quickly restore data after a cyberattack or natural disaster. Backups should be performed regularly, stored offsite, and tested to ensure validity. Although a company typically focuses on the network, it should consider whether there are critical items stored on an executive’s phone that should be part of the backup procedure. Showing that you follow written processes and procedures and update them when the environment changes will put insurers at ease.

Moving to Endpoint Detection and Response (EDR)

Although your company may have Endpoint Protection (EPP), as threats continue to become more sophisticated it is important to also deploy EDR. EPP targets threats as they hit the perimeter of your network, while EDR aims to detect advanced threats that have gotten inside your environment and prevent them from spreading. Since it is nearly impossible for an EPP to catch all threats and prevent them from penetrating your system, an effective endpoint security plan should include both EDR and EPP.

Reducing Cloud Risk

Although the cloud has been around for more than twenty years, cloud security remains challenging. The most significant risk is a company’s misconfiguration of cloud services, in large part due to their extreme complexity. AWS, for example, has over 170 services and more than 7,000 identity principals. Managing all this is a daunting task. Adequate cloud security requires the use of automated tools, so your security team should prioritize investigating and acquiring appropriate tools. A few elements of reducing your cloud risk include:

  • Ensure that you maintain accountability for everything you control in the cloud, particularly identity, data, and configuration.
  • Invest in tools to validate the security of your entire cloud estate. Don’t neglect SaaS applications that are increasingly supporting critical business processes.
  • Build contingency plans in case a critical cloud service becomes unavailable.
  • Federate cloud identity for all services with your primary identity provider and use robust identity validation techniques (such as MFA) for all users.
  • Be wary of trying to offset cloud consolidation risks by using multi-cloud strategies rather than creating resilience in a single cloud. Such efforts introduce complex and hard-to-determine dependency chains that are more likely to decrease availability than increase it.

What do I do now?

If you need help reducing your insurance costs or increasing your insurance protection, we can assist by evaluating your current security controls and recommending and implementing improvements. Learn more ways Dewpoint can help you ensure your company is Cyber Insurance Ready.