Cybercrime has increased over the past couple of years, impacting businesses of all sizes and in all industries. This has prompted many business owners and leaders to explore cyber-insurance, which helps protect organizations from technology-related risks. Unfortunately, in recent months, this type of insurance policy has gotten more difficult to obtain and more expensive to renew.
But there is more business owners and executives could be doing to improve security internally, and with it, their chances of getting cyber-insurance coverage with more favorable rates.
The State of Cybercrime
According to the FBI’s annual Internet Crime Report released earlier this year, a total of 847,376 internet crime complaints were filed in 2021. This is a 7% increase in complaints from 2020 but a staggering 81% jump from 2019.
The FBI notes in its report that much of this spike in cybercrime over the past two years is due to the Covid-19 pandemic, which led to an increase in working from home and virtual meetings. The top three cybercrimes reported last year were phishing scams, non-payment/non-delivery and personal data breaches.
Notably, at least 43% of cyberattacks target small businesses, and the global average cost of a data breach is $4.2 million. This means that, simply put, the cost of dealing with a cyberattack can ruin a business.
Common cyberattacks that can impact businesses are:
• Data breaches
• Business email compromise
• Corporate account takeover
This rise in cybercrime has prompted an increased awareness of and interest in cyber-insurance, a type of policy that protects businesses from various technology-related risks. It offers coverage to help businesses prepare for, respond to and recover financially from cyberattacks.
Different cyber-insurance products provide coverage for different types of cyberattacks. For example, providers may offer cyber liability insurance and data breach insurance as two separate policies.
Depending on the policy, cyber-insurance can help businesses by alleviating the costs of dealing with a cyberattack, such as:
• Business disruption/downtime
• Revenue loss
• Equipment damages
• Legal fees
• Public relations expenses
• Forensic analysis
• Fees and fines associated with legally mandated notifications
• Customer turnover
A Hardening Cyber-Insurance Market
While more and more business leaders are becoming interested in securing cyber-insurance coverage, it isn’t as easy to get as it once was.
The rise in ransomware attacks over the past two years has led more organizations to seek cyber-insurance. Ransomware insurance claims rose 35% in 2020, with the surge continuing in 2021. Insurance companies have taken note of this crime wave, and some are now denying applicants, raising rates and limiting coverage.
Insurance policies and payouts hinge on whether an organization follows IT best practices in cybersecurity. As the cyber-insurance market hardens, insurers are looking for clients with security controls that meet higher standards. That means the more a business can implement cybersecurity best practices, the more likely it will be to get insurance coverage and/or more favorable rates.
IT Best Practices for Cyber-Insurance Coverage
Cybercriminals can infiltrate a system through a variety of entry points. For the greatest level of protection, your Managed Service Provider (MSP) or in-house IT team should take an extensive, multi-layered approach to cybersecurity.
Cyber-insurance applications will ask about the IT protections the organization has in place. Cybersecurity best practices that meet these requirements include:
- Next-Generation Firewall: A network security system that monitors and protects your network from malicious or unnecessary traffic. Next-generation firewalls offer deeper inspection capabilities than traditional firewalls and utilize advanced-protection subscription services for additional threat prevention.
- Email spam filtering: Programs to detect and filter out malicious emails and secure critical business information.
- Virtual private network (VPN): A secure channel between the user’s computer and the office servers that protects against attackers infiltrating the system.
- Security Information and Event Management (SIEM): Software that enables organizations to detect incidents that may otherwise go undetected. This solution makes it easier for businesses to manage security by filtering massive amounts of security data and prioritizing the security alerts the software generates.
- Endpoint Detection and Response (EDR): Consolidates data across all endpoints to provide a full picture of potential cybersecurity threats. When businesses combine EDR with next-generation antivirus software, they can help prevent and detect even the most advanced, targeted attacks.
- Multi-factor authentication (MFA): Anauthentication method that goes beyond simply typing in a user name and password. By requiring users to provide two or more verification factors, MFA helps to protect against attackers infiltrating a system or application by using compromised passwords. Insurance companies want to see MFA enabled on all admin-level accounts with privileged or high-level access.
- Advanced Threat Detection (ATD) and Advanced Threat Prevention (ATP): ATD detects malicious software that has bypassed other cybersecurity measures and infiltrated the system, while ATP identifies advanced malware threats before they enter a system. Both technologies are relevant across multiple security solutions, including next-generation firewalls and EDR software.
- Vulnerability Scanning Management Tool: Monthly vulnerability scans could catch current and upcoming issues that need to be remediated to keep the network and devices secure. Also, conducting monthly IT activity reports that involves ensuring all machines, servers and products are up to date can mitigates potential cybersecurity risks.
Ironically, while cyber-insurance coverage is more important for businesses than ever, it’s also becoming harder and harder to get. Fortunately, organizations that employ IT best practices to protect against cybercrime will have a better chance of getting covered than those that don’t.