“In 2011, hackers breached Sony’s Playstation Network, exposing personally identifiable information (PII) of 77 million Playstation user accounts. The breach prevented users of Playstation consoles from accessing the service, an outage that lasted for 23 days.
Sony incurred over $171 million in costs related to the breach. Portions of this cost could have been covered by a cyber insurance policy, but Sony did not have one in place.
A court case ruled that Sony’s insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages.” Tech Target
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an organization can purchase to help reduce the financial risks associated with doing business online. Every type of organization that uses technology to do business, from global companies to mom-and-pop shops, faces cyber risk. Cyber coverage is a crucial safeguard against the devastating financial consequences of a cyber-attack. Without cyber insurance, a single ransomware attack might shutter your business.
Roughly 41% of businesses have some form of cyber insurance, according to a survey of 5,400 businesses by insurance provider Hiscox. However, not having the right protocols and security measures in place not only can lead to cybersecurity risk and financial loss, but may also prevent your business from being insurable.
Here are some ways to increase your likelihood of qualifying for cyber liability insurance.
AllConnected asked Josh Barker, TechRug’s Senior Account Executive & Advisor for answers…
NOTE: AllConnected does not sell or recommend Cyber Insurance. However, we regularly work with our clients to ensure their IT infrastructure, cybersecurity and disaster recovery policies meet or exceed their industry and insurance provider’s requirements.

When you work with a good technology partner, they can be a great resource for helping you navigate and understand what things are risky and what things aren’t to put you in a better spot. Some folks may come to look for just coverage but not realize that there are gonna be some things that your IT support staff or MSP are doing that are going to come into play as well.
Josh Barker
Techrug
The following are the five most common factors that could impact your insurability:
Without security controls, resiliency plans or business continuity plans, organizations will struggle to maintain insurance coverage. Your insurance provider will need proof of your organization’s security measures, ranging from access privileges to penetration testing. Questions to guide your strategy should include:
Developing a comprehensive, ongoing strategy is crucial for insurability. Insurance agencies will request evidence that demonstrates their prospective clients are sufficiently protecting their network before offering any type of insurance claims. However, due to the complex and ever-changing nature of cyberattacks, companies that do not specialize in cybersecurity can struggle to prove the effectiveness of their system without assistance from a managed service provider.
Endpoint security is the practice of safeguarding the data and workflows associated with the individual devices that connect to your network. Endpoint protection works by examining files as they enter the network, using artificial intelligence (AI) and dedicated network analysts to discover, analyze and remediate security breaches before cybercriminals attack.
A managed service provider (MSP) has the time and expertise to implement EDR internally on all devices and monitor your IT environment. IT security tools like:
A multi-layer security stack provides unparalleled threat protection and response services.
What is an endpoint? Any device connected to your network, such as:
By employing continuous monitoring, the EDR solution offers better visibility into your network and servers and allows your IT professionals to respond to threat information immediately.
Since ransomware, phishing exploits, and other cyber-attacks are constantly changing, your organization should require ongoing cybersecurity training for every staff member. Effective ongoing cybersecurity training can help your users develop a zero-trust attitude, identify potential phishing attacks and report potential security threats.
Creating and maintaining a policy can help prevent adverse outcomes like:

Hackers understand that employees are often the weakest link in an organization’s security. That’s why 98% of cyber attacks rely on some type of social engineering, costing companies billions of dollars every year.
Vishing. Baiting. Pretexting.
Are you familiar with these new cybercriminal techniques that can leverage ANY connected employee to breach your security?
DRaaS is the replication and hosting of physical or virtual servers by a third party to provide failover in the event of a natural catastrophe, power outage, or another type of business disruption. This means that if your organization is hit with a ransomware attack or other disaster, it can “spin up” its mission-critical databases and other resources from remotely stored backups to reduce downtime and the loss of business.
Managed DRaaS can prove to be particularly valuable for small and medium-sized businesses, which often lack in-house experts able to devise and execute a DR plan. Insurance companies want to know your organization has a disaster recovery plan and other recovery tactics to prove you’re prepared for a possible business disruption.
Multi-factor authentication (MFA) provides an extra layer of security by ensuring only legitimate users can access accounts and applications.
MFA tools send users an email, text, temporary 6-digit code, or require a biometric check, such as Face ID or a fingerprint scan, before users can log in. MFA is designed to stop attackers from getting into accounts in the case of a password compromise. According to a study conducted by Alex Weinert, the Director of Identity Security at Microsoft, MFA blocks 99.9% of all attacks.

Multi-factor authentication is an essential part of a comprehensive cybersecurity program. Many IT professionals and security frameworks recommend all businesses, organizations, and people use MFA to secure their accounts and computing devices, but do you know the risks mitigated by MFA?
While MFA is the process of validating users accessing a network, password manager software tracks and maintains passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password. Since cybersecurity today requires strong passwords nobody can memorize, password managers auto-generate highly secure passwords for you. MFA and password management go hand in hand for account and network security. Insurance providers see MFA as a business necessity, and an organization that lacks it will greatly hurt its chances of being insured.
Cyber liability insurance can be a lifeline in the event of a major incident or breach. Modern challenges like phishing, ransomware, remote workforces, stolen credentials, and the use of personal devices demand increasingly sophisticated cybersecurity practices.
AllConnected understands these modern challenges, which is why we require cybersecurity insurance as part of our managed services and we offer SmartConnect as a service that provides your organization with a number of IT tools including Helpdesk, security, infrastructure maintenance, and network services. This fully managed service includes strategic technology planning with tailored security and recovery based on the NIST 800-171 Framework.

Make sure you’re working with a qualified MSP. Somebody that can align your goals and eliminate some of your fears.
Josh Barker
Senior Account Executive and Advisor, Techrug