Arraya Insights | March 9, 2022
The increased use of technology throughout the pandemic means there is substantially more data out there for the taking. With more fish to catch, cyber criminals are out there “phishing” at every opportunity.
This drastic increase in cyber crime has led to an interesting time for cyber insurance and has changed the cyber landscape in many ways. These attacks have led to higher claims payouts, forcing cyber insurers to both increase premiums and reduce coverage limits.
Despite these challenges, the demand for cyber insurance remains high. In fact, it’s anticipated that the global cyber insurance market could total $36.85 billion by 2028. Despite the high premiums, businesses and enterprises are recognizing that the risk of falling victim to a cyber attack has become too great to continue uninsured.
As cyber insurers tighten their belts, many companies may find that they’re not eligible for coverage altogether as the list of requirements for eligibility grows. It’s likely that this will continue.
For those looking to ensure they’re in a good posture to get coverage, or reduce their premiums, there are several steps they can take to make themselves a more enticing candidate.
Conduct Your Own Due Diligence
Security assessments are enormously helpful in reviewing your current security posture and determining if there are potential vulnerabilities that need to be addressed. These assessments both help guide your company’s decision making and document your current security strategy for cyber insurers.
There are different types of security assessments and it’s important to understand the value of each and when they’re needed. Common assessments include:
- Business Impact Assessment
- Risk Assessment
- Penetration Test
- Tabletop Exercise
These provide a constructive look into your current posture and can help ensure that you’re in compliance with all required regulations.
Implement Top Controls
Small security measures can make an enormous impact on your overall position. Some cyber insurance companies may not even consider candidates if they haven’t implemented the following:
MFA requires users to present two forms of credentials to access their network, account, or device (rather than one password). This small step could reduce your exposure by 99.9%.
Backing up your data within a separate, secure archive allows your business to continue functioning in the event of an outage. Each business must determine how often they should be backing up their data. For some, this may be required every day and for others, it could be longer.
Should you fall victim to a ransomware attack, your back up capabilities will affect your negotiating power. The stronger your back up position, the more leverage you will have against bad actors.
This extra layer of security scrambles readable data, making it impossible to decipher without an encryption key. This practice is used to protect data while it’s in transit and at rest.
Enforce Continuous Employee Training
Human error remains one of the biggest threats to a business’s cyber security. Even the most robust cyber security defenses can be bypassed if an employee accidently lets a bad actor in.
Cyber threats are uniquely dangerous due to their constant evolution. This makes cyber security training a never-ending process. Each business should foster a company-wide awareness and training program to help their employees stay current on the latest threats. As workers continue to log in remotely, it’s important that these efforts extend out of the office to ensure that every team member is vigilant.
Begin the Micro-Segmentation Journey
While micro-segmentation used to require an extensive networking team, that’s not the case anymore. Micro-segmentation is an extremely effective security technique that divides an organization’s infrastructure at the system or network level.
This provides highly granular visibility and control over data flows within the network. Micro-segmentation contains threats by making it impossible for them to move laterally within your network, should they bypass the firewall. This has become a foundational element of Zero Trust.
Next Steps: Enhance Your Business’s Eligibility for Cyber Coverage
While we can understand why some business owners are frustrated by these heightened security standards, they are necessary. Cyber insurers are often footing the bill when cyber attacks occur, and they’re familiar with the common denominator throughout paid claims.
These tightened security methods have become crucial in protecting everyone’s digital footprint, from businesses to consumers.
At Arraya, we offer security and penetration testing solutions to identify vulnerabilities and remediate any issues. From implementing MFA to beginning the micro-segmentation process, we can help you enhance your cyber security posture, so your business is a desirable candidate for cyber insurance.
Contact an Arraya expert today to learn more.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.