The expansion of the digital landscape provides a wealth of opportunity for businesses; however, it also presents new challenges in terms of identifying vulnerabilities and creating a secure environment. With this in mind, cyber insurance is no longer a nice-to-have, but a necessity.
As the demand for cyber insurance continues to skyrocket, so do premiums. Companies are now facing challenges accessing coverage due to high costs and the extensive requirements of insurance providers.
There isn’t a single security control or group of security controls that, when implemented, results in premium savings. However, taking a proactive approach and implementing security controls will make it more likely that you’ll qualify for coverage and help to extend the limits of your policy.
Before taking on a policy, always be sure to consult with an experienced insurance broker who can provide guidance based on your existing security posture and the specific needs of your organisation. You may also wish to read our Cyber Insurance FAQs.
The main difficulty with cyber insurance is gaining access to it. With the prevalence of modern cyber crime, insurers are looking to limit their exposure, and are being increasingly selective about who they are willing to offer coverage to.
Providers are requesting more information than ever, looking for evidence to demonstrate preparedness as well as details of your organisation’s information technology and operational technology controls. In order to qualify, you must respond to their technically detailed questions in a positive way that satisfies their requirements.
Unfortunately, there isn’t a straightforward formula that we can apply that would show ‘x’ control results in ‘y’ reduced premium. Insurers want to see that you’re taking a collective approach to total security and are dedicated to improving the security of your organisation over time.
Without the proper security controls in place it may still be possible to qualify for cyber insurance, but with an inflated premium, restricted coverage and higher retentions.
To better understand the state of cyber insurance in Australia, we researched the security controls organisations typically need to have in place in order to boost their eligibility for cyber security insurance. While we can’t guarantee that having these controls in place will qualify you for an insurance policy, adopting a defensive cyber security strategy will only serve you in the long run, regardless of whether you qualify for coverage or not.
The following are some of the baseline cyber security requirements for all businesses, regardless of industry or size.
This security feature should be applied to accounts across your organisation and requires users to provide more information than just a username and password in order to verify their identity before they’re granted access to your environment.
Backing up data on a consistent basis will give you peace of mind in the event of a malware attack. This can include backing up your data on a physical device, like an external hard drive, or in the cloud, ideally through a reliable provider who offers modern encryption standards. You can also create backups directly on your device, but it’s crucial that this is not your only backup in case your device is stolen or corrupted.
Most organisations have privileged accounts that have special accesses and permissions not available to the average user. Hackers are aware of these accounts and often target them as a means to gain access to your most valuable data.
Privileged access management (PAM) is a comprehensive cyber security strategy that you can put in place to monitor any privileged accounts within your organisation. It’s based on the principle of least privilege (PoLP), meaning that users should only have access to what they need to get the job done. This can help by minimising your privileged accounts and reducing your attack surface.
As your attack surface expands, so do your vulnerabilities. Unknown weaknesses within your systems and software are much more likely to be exploited by attackers, impacting your insurance eligibility and premiums. Increasing your awareness of your own vulnerabilities is key to staying one step ahead of cyber threats. Your cyber security strategy should prioritise identifying, evaluating, reporting on and strengthening your vulnerabilities, mitigating your risk while increasing your eligibility for insurance.
This strategy involves actively monitoring all endpoint devices that have access to your network in order to spot any suspicious activity and respond in a timely and productive manner, effectively preventing an attack before it happens.
As human error is at the heart of the vast majority of cyber security breaches, it’s crucial to conduct regular cyber security training to increase awareness across your organisation. With the cyber security landscape evolving rapidly, training should be scheduled at regular intervals, ideally once a quarter.
It’s important to thoroughly vet any service providers you work with, especially cloud service providers, to identify any potential risks to your business. Inventory any prospective vendors and make sure you understand the risks involved in the partnership. You can perform this assessment yourself or seek the help of a service provider who specialises in this type of investigation.
When it comes to cyber security, the best offense is a good defense. While cyber insurance can be a worthwhile investment, it’s always better to be prepared and take proactive measures against a cyber security breach, rather than passively relying on insurance to come to your rescue after the fact. Being unprepared can result in additional downtime and loss of revenue.
While cyber insurance is designed to cover the financial losses of your business in the event of a cyber attack, other aspects of your business may be difficult to insure, especially if you’re working in a regulated industry and handling sensitive client information. Once a breach occurs, it’s very difficult to re-establish trust and regain the reputation you once had.
The vast majority of breaches occur due to human error; education, training and implementing good cyber security practices may mean you’re less likely to experience a breach. If you do, odds are the consequences will be less detrimental to your business.
In addition, it’s important to keep in mind that cyber insurance policies don’t necessarily cover all types of cyber attacks. Generally speaking, it’s better to prevent an attack from happening in the first place in order to safeguard your valuable data. Take a long-term proactive approach to cyber security to maintain the functionality of your business and protect the reputation you’ve worked so hard to build.
Reach out to Canon Business Services ANZ (CBS) for customised support on improving your security controls and potentially qualifying for better, cheaper cyber cover.