Cyber Insurance Changes

Higher premiums and stricter requirements force organizations to boost their IT security posture.

Cyber insurance provides an important hedge against business-crippling cyberattacks, but policies have become increasingly expensive and difficult to obtain as malicious attacks become more frequent, severe and costly. Forced to pay out more and larger claims over the past two years, insurers have responded by hiking premiums while also requiring organizations to demonstrate high levels of security preparedness to qualify for coverage.

Premiums are up as much as 80 percent from last year, according to the Council of Insurance Agents & Brokers (CIAB). In addition, insurers are raising deductibles, reducing coverage limits and being more selective about who they will cover. Some have also begun excluding ransom payments from their policies, covering only damages and recovery costs.

There’s a growing sense among insurers that clients rely too heavily on insurance for protection instead of investing in robust risk management strategies. As such, underwriters increasingly require potential clients to provide detailed documentation of their cybersecurity practices.

“Three out of four companies do not meet AGCS’ requirements for cybersecurity,” said Marek Stanislawski, cyber underwriting lead at AGCS Insurance. “Companies need to invest in cybersecurity. Losses can be avoided if organizations follow best practices. A house with an open door is much more likely to be burgled than a locked house.”

These are some of the essential security controls insurers want to see in place:

  • Secure backups. Ransomware attacks often target backups, encrypting backup data to prevent recovery. Backups should therefore be isolated from other systems. A better alternative is immutable backups, which cannot be encrypted, deleted or otherwise modified.
  • Next-generation firewall. An NGFW integrates various security features such as an intrusion prevention system, content filtering and endpoint protection. Specialized processors accelerate many other security functions such as virus scanning, attack detection, encryption and decryption.
  • Multifactor authentication. Hackers often exploit weak or stolen passwords to infiltrate systems. MFA reduces the risk by requiring one or more verification factors along with a password or PIN. Most insurers now require MFA.
  • Endpoint detection and response. Unlike traditional signature-based threat detection tools, EDR solutions use continuous monitoring and behavioral analysis to identify threats that make it past initial scans. Many also incorporate machine learning (ML) and other advanced techniques to spot stealthy threats.
  • Network access controls. Identity and access management solutions provide a framework for managing user identities and strong user verification and access control. They also enable the enforcement of least-privilege access principles so that users can only access the data and systems necessary for their jobs.
  • Email security. Email is the most common delivery mechanism for a wide range of attacks. Email filters scan incoming messages for known malware, phishing and executable files before they reach users.
  • Patch management. Many cyberattacks exploit systems that have not been updated with the latest patches and security fixes. Due to the high volume of patches, organizations should develop a plan for prioritizing, testing and deploying them.
  • Incident response planning. Organizations can reduce potential losses with well-developed procedures for detecting, responding to and recovering from a cyberattack. The plan should prioritize activities based on business requirements and describe technical procedures for containing and eradicating threats.
  • Secure remote access. With today’s remote and hybrid work models, secure remote access is a necessity. Virtual private networks (VPNs), along with encryption, MFA and other security controls, mitigate remote access risk.
  • Updated systems. Systems and applications that have reached end of support or end of life no longer receive security updates, making them a ready target for hackers. Most insurance underwriters view companies with outdated systems and no plan for upgrades as poor risks.
  • Security information and event management. SIEM tools analyze security alerts generated by network hardware and applications in real time. That makes them useful for identifying unusual activity and common botnet behaviors such as port scanning and high rates of failed endpoint connections.
  • Awareness training. Regular security awareness training helps users spot the telltale signs of an attack so that they don’t fall for phishing and other threats. An effective training program also promotes general security best practices.
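As an added illustration of the SIEM bullet above (example code written for this page, not from the original article or any vendor product), here is a small Python detector that runs over constructed firewall log lines and flags the two behaviors the text names: port scanning and a high rate of failed connections. The log format, field names, window size and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (not from the original page).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 src=10.0.0.5 dst=10.0.1.20 dport=22 action=deny
2024-03-01T10:00:02 src=10.0.0.5 dst=10.0.1.20 dport=23 action=deny
2024-03-01T10:00:03 src=10.0.0.5 dst=10.0.1.20 dport=80 action=deny
2024-03-01T10:00:04 src=10.0.0.5 dst=10.0.1.20 dport=443 action=deny
2024-03-01T10:00:05 src=10.0.0.5 dst=10.0.1.20 dport=3389 action=deny
2024-03-01T10:00:10 src=10.0.0.7 dst=10.0.1.30 dport=445 action=deny
2024-03-01T10:00:11 src=10.0.0.7 dst=10.0.1.31 dport=445 action=deny
2024-03-01T10:00:12 src=10.0.0.7 dst=10.0.1.32 dport=445 action=deny
2024-03-01T10:00:13 src=10.0.0.7 dst=10.0.1.33 dport=445 action=deny
2024-03-01T10:00:14 src=10.0.0.7 dst=10.0.1.34 dport=445 action=deny
2024-03-01T10:00:30 src=10.0.0.9 dst=10.0.1.20 dport=443 action=allow
2024-03-01T10:05:00 src=10.0.0.9 dst=10.0.1.20 dport=443 action=deny
"""

# Assumed log format; adjust the regex to the real appliance's fields.
LINE_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)")

def parse(log_text):
    """Yield (timestamp, src, dst, dport, action); silently skip unparseable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]), m["action"])

def detect(log_text, window=timedelta(seconds=60), port_threshold=5, host_threshold=5):
    """Per source, slide a time window over its denied connections and flag a port scan
    (many distinct ports) or a failed-connection burst (denies to many distinct hosts)."""
    by_src = defaultdict(list)
    for ev in sorted(parse(log_text)):
        if ev[4] == "deny":
            by_src[ev[1]].append(ev)
    findings = defaultdict(set)
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # drop events older than the window
                start += 1
            win = evs[start:end + 1]
            if len({e[3] for e in win}) >= port_threshold:
                findings[src].add("port-scan")
            if len({e[2] for e in win}) >= host_threshold:
                findings[src].add("failed-connection-burst")
    return {src: sorted(labels) for src, labels in findings.items()}
```

Running `detect(SAMPLE_LOGS)` flags 10.0.0.5 as a port scan and 10.0.0.7 as a failed-connection burst, while the single denied request from 10.0.0.9 stays below both thresholds.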

Putting such controls in place can be challenging, particularly for small to midsized businesses (SMBs) with staff and budget limitations. However, the effort produces value. In one recent study, three-quarters of cyber insurance policyholders said insurers’ requirements have driven them to harden the IT environment and improve cybersecurity awareness across the company.

“The rapid increase in ransomware attacks highlighted the need for brokers to work with clients to develop and practice robust risk management strategies to confront the growing threat,” said CIAB President Ken A. Crerar. “In a world where costly cyberattacks are becoming the norm rather than the exception, the broker is in a unique position to help clients identify vulnerabilities, find coverage and protect their firms.”

