Cyber Insurance – 6 Things Insurers Look For In Claims


The modern digital environment is riskier than ever and the incidence of cyberattacks has only increased throughout the COVID-19 pandemic. Today, even the most robust security systems can still be penetrated or breached by a sophisticated cyberattack. This means businesses can no longer afford to be complacent when it comes to security.

In the event of a breach, you may need cyber insurance to receive funds to rebuild your business, fix your website, or pay fines for lost customer data. And to make sure your cyber insurance claim is accepted, you’ll need to make sure you know what insurers are looking for in cyberattack claims.

Is cyber insurance really necessary?

Short answer – yes! Perhaps largely due to the COVID-19 pandemic, cyberattacks are on the rise. As more businesses have transitioned to remote working while using insecure systems, the costs of hacks, database breaches and other attacks have resulted in the loss of millions of dollars across all sectors.

Naturally, cybersecurity claims have increased alongside cyberattacks. An insurance company said it handled more claims in the first half of 2021 than it did in any other comparable period to date.

This follows a broader trend with insurance claims across all sectors and types. For example, since the start of the pandemic, the number of Canadians purchasing a life insurance policy has increased by 50%. Much like life insurance, it may be time for you to consider the long-term financial well-being of your cybersecurity business.

Cybersecurity insurance is very important as it can protect your organization against unforeseen costs. Following a cyberattack, you may need to recover customer data, cover legal fees and expenses, and repair damaged computer systems. All of this will have to come out of your organization’s pocket if you cannot file a successful insurance claim.

Common causes of cyberattacks

Cybersecurity needs are unique to every business, but most cyberattacks share some common traits. Naturally, many of these features are addressed in cybersecurity insurance applications, so you should consider these factors when applying for insurance coverage.

Some of the most common aspects reported in cyberattacks include:

  • Weak Passwords. This is listed as a possible cause for over 80% of breaches. Weak passwords can include simplistic passphrases, unprotected passwords, or not changing critical passwords regularly enough.
  • Poor or outdated antivirus software. Many successful cyberattacks involve different types of malware that cause or contribute to the larger breach.
  • Poor digital hygiene among employees. Humans are often the weakest link in cyber defenses, especially those working remotely. For example, working in an unsecured environment, such as a cafe’s Wi-Fi network, can lead to digital breaches.

Ultimately, you need to make sure your organization is taking the right steps to counter these potential threats and make sure you’re eligible for an insurance payout if you’re impacted by a cyberattack.

What are cyber insurers looking for?

When filing an insurance claim, the last thing you want is for your claim to be denied, especially as the pandemic continues to impact cybersecurity. Even if the insurance company in question allows a claim, it could delay the funds you need to recover from a successful cyberattack.

Cyber insurers generally look for a few major factors when determining whether to pay a customer’s insurance claim. These include the following:

Maintaining a strong password

For starters, you need to make sure your passwords are always strong and everyone in your organization follows proper password protocols. Poor password management is probably the most basic form of access management failure.

Some best practices include:

  • Use complex passwords that cannot be easily guessed or brute-forced
  • Do not write down passwords on paper or keep them in unsecured areas
  • Regularly rotate or update passwords
  • Require multi-factor authentication

Although many cyber insurance companies do not require password strength or security as a criterion for underwriting an insurance claim, you should still practice good overall password hygiene. Poor password hygiene can lead to a very embarrassing data security breach and can reduce your chances of having a claim accepted if you don’t take basic steps to protect yourself.

Appropriate use of the firewall

You’ll also want to make sure your firewalls are secure enough to withstand modern malware attacks and are regularly updated. Failing to update your firewalls regularly could result in your claim being denied, as your cyber insurance company may view this as evidence that you are not doing your part for cybersecurity.

Physical security checks

Implementing some physical security controls in your organization could also do wonders for your broader cybersecurity. If the time ever comes to claim cyber insurance, you’ll be able to point to physical security controls and show that you did everything you could to avoid or stop the attack in time.

Some physical security practices include:

  • Implement access controls on servers and routers
  • Keep sensitive data out of the reach of potential cybercriminals by moving it to external hard drives
  • Prevent remote employees from using personal (unsecured) devices for sensitive activities

Regular software updates

Too many breaches are caused by bugs that could have been fixed with a simple software update. You should ensure that your software packages are properly installed and updated regularly, as firmware updates often include fixes to defects discovered after the software has been released. It’s an inevitable part of the development process, and it’s unlikely to change any time soon, as malware and other cyber threats are constantly evolving.

Encrypted mobile traffic

If your employees work from anywhere except the office, make sure mobile devices are encrypted and they practice good digital hygiene. For example, remote workers may need to use a VPN when connecting remotely to sensitive company information or tools.

A VPN can mask IP addresses and make access to sensitive corporate data much more difficult, if not impossible, for a potential malicious actor. Other encryption software tools can make even basic smartphones relatively secure and allow employees to complete their work remotely without compromising the rest of their organization.

Increased monitoring of user management

Finally, user management processes such as updating who has administrator access to important information or systems are also an essential part of a good cybersecurity routine. Make sure your company only provides admin access to a limited number of employees, as unnecessary access could get you denied an insurance claim. Also, regularly update who has access when employees leave or responsibilities change.

Conclusion

You never want to be denied cyber insurance when you need it most. If you are the victim of a cyberattack and your system goes down, you need to get back up and running as soon as possible to recover lost traffic and prevent your customers from losing trust in your organization.

Cyber insurance payouts can help you manage your risks, recover from a cyberattack, and pay for any costs you may have incurred. Having each of the above items as part of your cybersecurity practices will also make it easier for a cyber insurer to place an insurance policy in the first place, and you’ll be more likely to receive a payout in the event of a breach.


About the Author: Gary Stevens is an IT specialist who is a part-time Ethereum developer working on open source projects for QTUM and Loopring. He is also a part-time blogger on Privacy Australia, where he discusses online security and privacy.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
