Running a business is no easy task. You must keep track of finances, ensure employee productivity, provide customer service, and make sure your IT infrastructure is up to date. If your business accepts electronic payments from customers, you run an increased risk of a data breach, whose consequences can be dire¹. According to IBM’s Cost of a Data Breach Report 2021, the average data breach cost a record $4.24 million worldwide last year, and $9.05 million on average for U.S. companies². How can you protect your business from such a disaster?
Enter cyber insurance. Also known as cybersecurity insurance or cyber-liability insurance, it protects organizations like yours from the consequences of cyber threats and attacks¹. Purchasing cyber insurance coverage can help you keep your business running smoothly during cyberattacks and their aftermath, while also covering costs incurred while responding to and recovering from them¹. However, keep in mind that your business must meet certain IT requirements to qualify for cyber insurance coverage. In this article, we will discuss these requirements and how to comply with each one.
One key requirement for cyber insurance is that you must have endpoint detection and response, or EDR, implemented across every “endpoint,” including laptops, desktops, servers, mobile phones, tablets, and virtual environments. All of these sit on the ends of your network and are thus in a prime position for hackers to capitalize on any vulnerabilities you have³. These devices must be protected. While antivirus software may have worked fine in the past, that is no longer the case. Malware continues evolving into more sophisticated forms, requiring an advanced solution³. EDR is a solution that provides visibility across many endpoint devices and responds to any perceived threats accordingly, which is why many insurers now require this security measure³.
Another requirement for cyber insurance is multi-factor authentication, or MFA. As we discussed in a previous article, this helpful tool combines two or more distinct authentication methods, such as a password followed by an SMS code sent to your phone. Many organizations now require MFA to establish out-of-office network connections, often combining biometrics such as fingerprints or iris scans with passwords and single-use access tokens³. By preventing malicious users from accessing your networks and the valuable information stored therein, MFA can help you secure the cyber insurance policy of your dreams³.
While EDR and MFA are both essential for cyber insurance coverage, you must not overlook the importance of ample cybersecurity training. For example, to purchase ransomware insurance coverage, you must mandate regular IT security and privacy training for all your employees and contractors, at least once annually but preferably more often⁴. Meanwhile, if you wish to buy technology fraud insurance, you need to implement social engineering-related security training with emphasis on baiting, phishing, spear phishing, and other social engineering methods⁴. By requiring cybersecurity training and then buying cyber insurance, you will have added protection against tech fraud as well as harmful malware and ransomware attacks.
Lastly, you should have identity and access management (IAM) in place before purchasing a cyber insurance policy³. This practice “applies sets of rules and practices” so you can track and control your users’ activity³. For instance, IAM can help you “monitor successful and failed login attempts,” while also determining access rights and granting administrative privileges to select users as you see fit³. Not only do these techniques reduce the potential attack surface, but they also minimize the impact of a data breach and prevent such risks as accidental operator error and malicious insider attacks³. Any way you slice it, IAM is essential for any cyber-insured business.
If you are looking to meet IT insurers’ requirements, navitend can help. We offer solutions such as endpoint protection, multi-factor authentication, firewalls, and comprehensive end-user security training so you can secure the best cyber insurance policy for your business.
Call 973.448.0070 or set up an appointment today.
Sources:
¹BusinessTechWeekly.com. “Cyber Security Insurance: Who needs Cyber Liability Insurance & What does Cyber Insurance cover?” by Malcolm Adams. Retrieved from https://www.businesstechweekly.com/legal-and-compliance/gdpr-legislation/cybersecurity-insurance/.
²IBM Security. “Cost of a Data Breach Report 2021”. Retrieved from https://www.ibm.com/downloads/cas/OJDVQGRY.
³Cyber Insurance Academy. “Minimum Requirements in Cyber Insurance” by Syvanne Aloni. Retrieved from https://www.cyberinsuranceacademy.com/blog/2022/04/18/cyber-insurance-minimum-requirements/.
⁴Imagineering LLC. “A Complete Cybersecurity Checklist for Obtaining Cyber Liability Insurance.” Retrieved from https://imagineeringit.com/a-complete-cybersecurity-checklist-for-obtaining-cyber-liability-insurance/.