Ransomware attacks have made cybersecurity top of mind for global businesses. What is increasingly getting more attention, though, is the connection between cybersecurity and cyber insurance.
Consider a couple of noteworthy statistics, according to new research that’s focused on cybersecurity trends for mid-sized organizations:
● Cyber insurance uptake is significant, with 100% of companies stating they have cyber insurance.
● In addition, cyber insurance premiums have continued to increase. Nearly half of organizations (47%) experienced premium increases of 76% or more in the past year.
Ransomware is a major driver for these cyber insurance premium increases. Furthermore, an organization’s ability to manage ransomware effectively is a key factor in the cyber insurance renewal process. Proactively addressing ransomware is especially critical for companies in the mid-sized range, given that they are typically tight on IT resources. And the higher the risk companies experience from malware, the harder it can be to obtain coverage.
Importance of Cybersecurity Hygiene
While cyber insurance can significantly impact a company’s bottom line, adhering to the cybersecurity hygiene and data protection practices below can mitigate the risk of rapidly evolving threats and keep premiums manageable.
● Reduce data sprawl. Over half of mid-sized organizations manage 10 or more file repositories (e.g., email, collaboration/productivity tools, personal devices, and unauthorized cloud storage). By addressing data sprawl, organizations can reduce their overall attack surface and increase users’ productivity.
● Utilize multi-factor authentication (MFA) and practice defense in depth. Cyberattackers try to locate sensitive data the fastest way possible and with the least amount of resistance. Implementing MFA is an effective protection strategy that generates rapid benefits, especially for organizations with limited IT security budgets. Previous research from Microsoft indicates that those who enable MFA can block up to 99.99% of automated account hacks. Ultimately, the best security protection is multi-layered, meaning that organizations should implement a combination of anti-virus protection, data encryption, and intrusion detection systems.
● Take insider threats seriously. Companies should assume that everyone is a potential insider threat. Why? As ransomware and insider threats continue to converge, there have been instances in which ransomware gangs work with company employees directly to facilitate attacks. By centralizing their data views to understand what content is being accessed, and by whom, organizations can learn what commonplace user behavior and patterns look like and detect potentially malicious activity as a deviation from them. It is recommended that companies also limit users’ file access on a ‘business need to know’ basis.
● Implement ransomware detection and recovery solutions. Organizations can put technology on their side by investing in a solution that can detect ransomware signatures and flag unusual file behavior, such as high-volume encryption activity. These platforms can also allow businesses to “roll back” to previous versions of important files should an attack occur.
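The last bullet describes flagging unusual file behavior such as high-volume encryption activity. The following is an added example (not code from the original article or from any product it alludes to) of the simplest form of that check: it scores each file write by the Shannon entropy of a content sample, since encrypted output looks close to uniformly random, and raises one alert when a single account produces many high-entropy writes inside a short sliding window. The event format, thresholds, and the two-user telemetry are all constructed for the example; real input would come from an EDR or file-integrity agent.

```python
"""Toy detector for high-volume encryption activity in file-write telemetry.

Added example, not code from the original article. It assumes a stream of
file-write events carrying a content sample; the event format and thresholds
are constructed for illustration.
"""
import math
import random
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileWrite:
    ts: float        # seconds (constructed timeline)
    user: str
    path: str
    sample: bytes    # first bytes of the written content


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for encrypted or compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_encryption_bursts(events, window_seconds=60.0, min_writes=20, min_entropy=7.0):
    """Flag a user who writes >= min_writes high-entropy files within window_seconds.

    Returns one alert dict per (user, burst). Once a user is alerted, no further
    alert is raised until their window has fully drained, so a long encryption
    run yields a bounded number of alerts rather than one per file.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent high-entropy writes
    in_burst = set()              # users already alerted for the current burst
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.user]
        while q and ev.ts - q[0] > window_seconds:
            q.popleft()
        if not q:
            in_burst.discard(ev.user)   # window drained: a new burst may alert again
        if shannon_entropy(ev.sample) < min_entropy:
            continue                    # ordinary document content, not counted
        q.append(ev.ts)
        if len(q) >= min_writes and ev.user not in in_burst:
            in_burst.add(ev.user)
            alerts.append({"user": ev.user, "start": q[0], "end": ev.ts, "count": len(q)})
    return alerts


def constructed_events():
    """Constructed telemetry: one user editing documents, one account mass-encrypting."""
    rng = random.Random(2024)
    text = b"Q3 forecast notes: revenue, headcount, churn.\n" * 50
    events = []
    # alice: 30 ordinary document saves spread over ten minutes (low entropy)
    for i in range(30):
        events.append(FileWrite(1000.0 + i * 20, "alice", f"/shares/finance/doc{i}.docx", text))
    # bob: 40 high-entropy writes in 30 seconds, the pattern of a file-encryption run
    for i in range(40):
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append(FileWrite(1200.0 + i * 0.75, "bob", f"/shares/finance/report{i}.xlsx", blob))
    return events


if __name__ == "__main__":
    for alert in detect_encryption_bursts(constructed_events()):
        print(f"ALERT user={alert['user']} writes={alert['count']} "
              f"window={alert['start']:.1f}-{alert['end']:.1f}s")
```

Entropy alone is a weak signal (legitimate compressed archives and media files also score near 8.0), which is why the alert keys on rate as well as content; production detection adds signals such as mass renames to unfamiliar extensions and ties the alert to the rollback capability the bullet mentions, so the affected versions can be restored once the account is contained.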
Planning Effectively for Potential Cyberattacks
In addition to the best practices outlined above, a particularly effective defense strategy is to create a comprehensive incident response plan and keep it up to date. Only 64% of mid-sized organizations have a formal incident response plan. Without an overarching plan, it is much more difficult for businesses to recover from cyberattacks.
One of the best ways for businesses to jump-start an incident response plan is to practice via tabletop exercises. Just as a company executive prepares before a major presentation, organizations must practice their incident response plan before an incident occurs. These tabletop exercises should involve all major organizational functions like executive and corporate communications so that key stakeholders can discuss and fine-tune their roles and responsibilities in response to future incidents. Typically, these exercises are moderated by a facilitator or project sponsor.
As far as what an effective incident response plan looks like, there are a few essential components. An incident response plan should include a mission statement and formal documentation of roles and responsibilities. There must also be documentation for cyber threat preparation — the processes currently in place to prevent and respond to cyber-attacks — and documentation for incident detection, such as reporting for unusual activity and social engineering exploits.
After a detected incident is documented, a decision must be made on whether the organization’s incident response plan should be activated. This is vital, as defining an incident too narrowly could result in a less effective response, while too broad of an approach could tie up valuable resources by responding to minor incidents.
Once an incident is officially declared, there needs to be a process in place to manage and contain the incident effectively, including unplugging all impacted machines from the network and interviewing affected users. There should also be recovery plans that are laser-focused on re-establishing business productivity, such as testing affected systems before bringing them back into production and announcing the formal closure of the incident. Finally, a post-incident review should always be completed to detail key takeaways and, ideally, prevent the incident from happening again.
Cybersecurity and Cyber Insurance Are Inherently Linked
The cyber insurance marketplace has experienced unprecedented changes over the past few years. There have been large payouts from ransomware attacks, while companies have been susceptible to supply chain risk, and new threat vectors have emerged as a result of the shift to hybrid/remote work. All of this has influenced how cyber risks are perceived and evaluated.
What has not changed, though, are the strategies that organizations, especially mid-sized businesses, can leverage to protect themselves against potential cyberattacks. Similar to how a good driving record can help reduce car insurance rates, there are simple things that organizations can do to minimize cyber insurance premium increases. Perhaps most importantly, all companies should have a formal incident response plan, including recommended processes to communicate with legal counsel, employees, and external stakeholders.