What To Know About Cybersecurity Insurance
The cybersecurity insurance sector is in the midst of significant transformation. Escalating premiums, shifting prerequisites, and inconsistent standards within the industry present formidable hurdles for organizations seeking coverage.
Now is a critical moment for these organizations to gain insight into the evolving landscape of cyber insurance and ascertain the essential security measures required to adapt and thrive amidst these shifts.
What is Cybersecurity Insurance?
Cyber liability insurance offers coverage against various risks associated with losses concerning a company’s digital assets. These risks may encompass data loss stemming from ransomware attacks, disruptions to productivity caused by network infrastructure breaches, or the compromise of customers’ personally identifiable information (PII) data.
Why Is Cybersecurity Insurance Expensive?
In the last decade, the cybersecurity insurance market resembled the unregulated frontier of the Wild West. Numerous business insurance firms hastily embraced cyber insurance without grasping the intricacies of cybersecurity. This led to overzealous underwriters crafting policies without a comprehensive understanding of the associated risks — and in some instances, without any understanding of cybersecurity whatsoever.
Nevertheless, with the pandemic fueling a surge in cybercrime activities like ransomware and business email compromise (BEC), numerous insurance providers find themselves grappling with larger-than-expected losses.
In response, insurers are contemplating three primary strategies:
- Exiting the industry altogether, acknowledging their losses.
- Significantly increasing premiums while reducing coverage limits.
- Enforcing enhanced cybersecurity standards based on incident and breach data they’ve amassed.
For some insurers, these measures are already underway, leading to premiums doubling or even tripling. This has resulted in confusion and frustration for organizations seeking to renew or procure cyber insurance coverage.
Emerging Trends in Cybersecurity Insurance
There’s little doubt that the cyber insurance sector will undergo a tightening and standardization process — the only uncertainty lies in when this will occur. Those insurers remaining in the market have already initiated the implementation of stricter cybersecurity standards. By exclusively offering coverage to companies equipped with specific security measures, providers aim to minimize potential losses.
As cyber insurers accumulate more data on the root causes of breaches, they will leverage this information to enhance their policies and prerequisites. In the coming years, cyber insurance providers will persist in demanding essential controls aimed at preventing breaches — or they may offer incentives like substantial discounts. For instance, implementing Security Information and Event Management (SIEM) systems can notably diminish the likelihood of a cyberattack. Consequently, insurers might grant discounts to organizations with SIEM implementations, potentially offsetting the SIEM’s costs entirely.
An additional benefit of utilizing a SIEM is its capability to furnish comprehensive details regarding the timing of an attacker’s system entry, the systems they potentially interacted with, and the data they may have accessed or duplicated. This wealth of information proves invaluable during post-incident response efforts, allowing for a more focused investigation and targeted remediation actions. Consequently, such capabilities can ultimately lead to cost savings for the insurer.
The absence of regulatory oversight in the cyber insurance sector has led to concerns regarding clients misrepresenting their technological infrastructure. A recent lawsuit by Travelers Insurance alleged that a client, following a ransomware incident, misrepresented their implementation of Multi-Factor Authentication (MFA). Such incidents are likely to prompt insurance companies to conduct more thorough examinations of their clients’ technology stack and risk management approaches.
Similar to how auto insurers utilize beacons to monitor customers’ driving behaviors, cyber insurance providers may implement requirements by gaining deeper insights into their clients’ environments. For instance, some insurers have initiated external scans on their clients’ networks to identify vulnerabilities.
Organizations holding a cyber insurance policy, or contemplating one, should proactively address these evolving requirements. By implementing necessary measures promptly, they can circumvent costly, subpar, eleventh-hour implementations during insurance renewals. Typically, renewals are issued with short notice, making it impractical to execute high-quality implementations of new security controls within such tight timelines.
Who Needs Cyber Insurance Coverage?
Cyber liability insurance typically furnishes financial support for various specialists, including digital forensics experts and legal professionals, who play pivotal roles in uncovering the origins and ramifications of cyber attacks.
Companies seek cyber insurance coverage to shield themselves from the exorbitant financial repercussions of cyber incidents, which can be staggering. For instance, the average ransomware payment surged to $925,162 in the initial five months of 2022, marking a 71% increase from the previous year.
The costs associated with security breaches are even more astronomical, encompassing legal expenses, penalties, business disruptions, and expenses related to customer remediation. In 2021, the average breach cost soared to $4.24 million, according to IBM’s findings, representing the highest average in the report’s 17-year history.
The financial blow of a ransomware attack or breach is particularly crippling for small and midsize businesses (SMBs), which often lack the financial means and resources to fully recover. Despite being targeted by over 40% of cyberattacks, a staggering 75% of SMBs concede that they lack the personnel necessary to address IT security adequately.
Why Do Managed Service Providers (MSPs) Need Cyber Insurance?
An MSP seeks cyber liability coverage to safeguard its own operations against cyber threats. However, an MSP’s insurance requirements extend beyond cyber liability coverage. Actions taken by an MSP could potentially lead to scenarios where a customer experiences a cyber incident not covered by the MSP’s cyber liability insurance. Moreover, threat actors might exploit an MSP’s remote management and monitoring (RMM) software to orchestrate ransomware attacks against their clients. Hence, an MSP should contemplate the advantages of Tech Errors & Omissions insurance, offering protection against errors resulting in customer losses.
Furthermore, an MSP should advocate for its customers to procure cyber liability insurance. Some MSPs have transitioned to a model where they exclusively offer support contracts to customers with cyber liability insurance. This benefits the MSP, as insured customers are more inclined to adopt proactive cybersecurity measures, reducing the occurrence of unexpected critical support incidents.
Insured customers also gain access to superior specialized IT resources in the event of an incident, alleviating the MSP’s workload—particularly during widespread incidents affecting multiple clients simultaneously. Additionally, cyber insurance may reimburse an MSP for emergency or after-hours labor required to recover from an incident, further bolstering its resilience.
Does Cyber Insurance Cover Ransomware?
While most cyber insurance policies encompass ransomware incidents, certain providers necessitate customers to complete separate applications with stricter criteria to access expanded coverage specifically addressing ransomware. Moreover, policies typically delineate coverage for double extortion ransom, wherein hackers not only encrypt a victim’s data but also exfiltrate it, threatening to expose it unless a ransom is paid. Hence, it’s imperative for organizations to thoroughly discuss their coverage details and ascertain any exclusions with their provider.
Insurance policies often impose limits on total ransomware coverage. For instance, if the coverage limit is $1 million and the ransom demand is $1 million, the insurer will cover only the ransom payment itself and nothing beyond it.
It’s essential to acknowledge that the total expenses incurred during a ransomware incident often surpass the ransom amount. These expenses may encompass legal fees, forensic expertise, potential penalties and fines, remediation costs, damage to the company’s reputation, among other factors.
Similar to general liability insurance, it’s crucial for organizations to thoroughly comprehend the specific coverage details of a policy before engaging in an agreement with an insurance provider or renewing a contract.
What’s Required for Cyber Insurance?
Previously, the cost of cyber liability insurance was predominantly influenced by factors such as the policy’s size, the insured company’s scale, and the company’s cyber risk profile. Insurance providers typically conducted surveys encompassing inquiries regarding a company’s technology infrastructure and computer systems to gauge risk levels.
However, contemporary insurers now mandate specific security controls as prerequisites for coverage. These requirements are sometimes outlined explicitly in documents detailing essential controls. Alternatively, insurers may inflate policy costs substantially if organizations fail to implement the necessary security measures.
For instance, while insurers may not explicitly demand Multi-Factor Authentication (MFA), they might significantly increase policy premiums if MFA is absent, especially for protecting access to high-risk systems. Additionally, renewals of existing policies tend to impose stricter requirements annually to qualify for renewal.
Among the array of security controls sought by insurers, some prominent ones include:
- Multi-factor authentication (MFA): Widely acknowledged for its efficacy, MFA serves as a relatively effortless yet potent security measure. According to experts from Google and Microsoft, MFA can thwart up to 99.9% of bot attacks. Insurers frequently mandate MFA implementation, particularly for email and remote access networks.
- Endpoint detection and response (EDR): EDR solutions continuously surveil endpoints to identify malicious activities. This capability is often deemed essential for cyber insurance coverage as it empowers organizations to actively and reactively hunt for indicators of compromise (IoCs).
- Next-generation antivirus (NGAV): In contrast to traditional antivirus software reliant on signature-based detection, NGAV employs contemporary methodologies like AI and behavioral-based detection to bolster network security. It’s instrumental in blocking various cyber threats, including malware.
- End-user training: Recognizing the growing significance of employee education, insurers emphasize the need for comprehensive end-user training. This is particularly crucial given the prevalence of phishing attacks, a common avenue for infiltrating environments.
- Segregated backups: Vital for data recovery, backups serve as an indicator of a company’s ability to swiftly recuperate from incidents. Insurers often require backups to be stored separately from the primary data location for added resilience. Encrypted backups are also commonly stipulated to preserve data integrity.
- Security information and event management (SIEM): SIEM solutions play a pivotal role in consolidating and analyzing data from diverse IT environments for security monitoring purposes. This aids organizations — and insurers — in discerning the sequence of events during an attack. Modern SIEM platforms often integrate detection and response functionalities, enhancing proactive defense mechanisms.
As noted above, policyholders and organizations contemplating a cyber policy should address these requirements well ahead of renewal: renewals are issued on short notice, which leaves no room for a high-quality implementation of new security controls.
Moreover, these controls are not solely crucial for cyber insurance purposes; they also contribute to meeting compliance requirements and enhancing overall security maturity.
Why is Logging or a SIEM Necessary for Cyber Insurance?
A SIEM offers a precise depiction of how an intruder infiltrated systems, their initial entry time, the systems accessed, and the data retrieved. This granularity is crucial for insurers aiming to minimize response scope and reduce overall costs.
In certain scenarios, legal obligations post-data breach hinge on the scale of affected individuals, customers, or records. Without comprehensive logs, insurers might presume a pervasive network breach, leading to more expensive forensic and legal procedures.
Insufficient logging could also precipitate costly or intricate public relations issues for the company.
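The reconstruction described above, as an added example that is not part of the original article and not Petronella's product: a short Python script that correlates normalized log lines to answer the insurer's questions (entry time, systems touched, data accessed, dwell time). The log format, hostnames, account name, file paths and IP addresses are constructed sample data, and the rule that the entry point is the first successful login from a non-internal address is an assumption made for this example.

```python
"""Rebuild an intruder's footprint from centralized logs (added example).

Illustrative code only, not a SIEM product. It assumes events have been
normalized into one "timestamp key=value ..." line each; every host, account,
path and IP below is constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed events from a VPN gateway, a file server, a workstation and a
# database host. "jdoe" is the account we assume was reported as compromised.
SAMPLE_LOGS = """\
2024-03-01T02:14:05Z host=vpn-gw event=login user=jdoe src=203.0.113.7 result=failure
2024-03-01T02:14:39Z host=vpn-gw event=login user=jdoe src=203.0.113.7 result=failure
2024-03-01T02:15:02Z host=vpn-gw event=login user=jdoe src=203.0.113.7 result=success assigned=10.8.0.23
2024-03-01T02:20:11Z host=fs01 event=smb_open user=jdoe src=10.8.0.23 path=/finance/payroll.xlsx
2024-03-01T02:21:48Z host=fs01 event=smb_open user=jdoe src=10.8.0.23 path=/hr/employees.csv
2024-03-01T09:02:00Z host=ws-042 event=login user=asmith src=10.0.5.42 result=success
2024-02-28T08:30:00Z host=ws-017 event=login user=jdoe src=10.0.5.17 result=success
2024-03-03T23:40:17Z host=db02 event=ssh_login user=jdoe src=10.8.0.23 result=success
2024-03-03T23:41:05Z host=db02 event=file_read user=jdoe src=10.8.0.23 path=/var/backups/customers.sql
"""

# Address ranges treated as "inside" the organization (assumption for this example).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


@dataclass
class Event:
    ts: datetime
    host: str
    event: str
    user: str
    src: str
    fields: dict = field(default_factory=dict)  # remaining key=value pairs


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str) -> Event:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(tok.split("=", 1) for tok in m.group("kv").split())
    return Event(ts, kv.pop("host"), kv.pop("event"), kv.pop("user"), kv.pop("src"), kv)


def parse_logs(text: str) -> list[Event]:
    """Parse all lines and order them by time, as a SIEM would on ingestion."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e.ts)


def intrusion_summary(events: list[Event], account: str) -> dict | None:
    """Pivot on a compromised account and summarize what the logs show.

    Entry point = first successful login from a non-internal source; everything
    by that account from then on is treated as attacker activity.
    """
    acct = [e for e in events if e.user == account]
    entries = [e for e in acct if e.fields.get("result") == "success" and not is_internal(e.src)]
    if not entries:
        return None
    entry = entries[0]
    failed_before = sum(1 for e in acct if e.ts < entry.ts and e.fields.get("result") == "failure")
    after = [e for e in acct if e.ts >= entry.ts]
    hosts: list[str] = []
    for e in after:  # preserve first-seen order of systems touched
        if e.host not in hosts:
            hosts.append(e.host)
    data = [e.fields["path"] for e in after if "path" in e.fields]
    return {
        "entry_time": entry.ts.isoformat(),
        "entry_host": entry.host,
        "entry_src": entry.src,
        "failed_logins_before_entry": failed_before,
        "hosts": hosts,
        "data_touched": data,
        "dwell_days": (after[-1].ts - entry.ts).days,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(intrusion_summary(parse_logs(SAMPLE_LOGS), "jdoe"), indent=2))
```

Run as-is and the summary names the VPN gateway as the point of entry, the two file-server paths and the database backup as the data touched, and a dwell time of two days; without the file-server and database logs, the same account's activity would be invisible and an investigator would have to assume the wider scope the article describes.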
Why is Data Retention Essential for Cyber Insurance?
While estimates vary, it’s common for attackers to dwell in a network for weeks or months before launching damaging assaults on data or systems.
Similar to logging, insurers seek comprehensive incident details. By retaining data for at least 90 days, preferably six months to a year, organizations enable insurers to ascertain the intruder’s duration in the environment. Long-term data retention expedites breach recovery and restoration, bolstering business continuity.
Moreover, log retention must be immutable, impervious to alterations or deletions. This safeguards against attackers attempting to erase tracks by clearing logs. Organizations should store logs externally to thwart such tampering attempts.
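The two properties this section asks for, a retention window and tamper-evident storage, as an added example that is not part of the original article and not Petronella's product. Each record carries the SHA-256 of the record before it, so a cleared or edited entry breaks the chain and a verifier can point to where; a second check reports how many days the store covers against the 90-day minimum the article cites. Timestamps and messages are constructed, and the hash-chain layout is an assumption for this example, not a description of any particular product.

```python
"""Tamper-evident, retention-checked log store (added example, illustrative only).

Writers append; nothing ever rewrites an earlier record. Records and dates are
constructed sample data.
"""
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # "previous hash" of the very first record
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time


def _digest(ts: str, msg: str, prev: str) -> str:
    body = json.dumps({"ts": ts, "msg": msg, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def append_record(chain: list[dict], ts: str, msg: str) -> None:
    """Append one record linked to the current tail of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"ts": ts, "msg": msg, "prev": prev, "hash": _digest(ts, msg, prev)})


def verify_chain(chain: list[dict]) -> tuple[bool, int]:
    """Return (ok, index). ok is True when every link holds; otherwise index is
    the first record whose content or link to its predecessor does not match."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != expected_prev or rec["hash"] != _digest(rec["ts"], rec["msg"], rec["prev"]):
            return False, i
        expected_prev = rec["hash"]
    return True, -1


def retention_days(chain: list[dict], now: datetime) -> int:
    """Days between the oldest retained record and `now` (0 for an empty store)."""
    if not chain:
        return 0
    oldest = min(datetime.fromisoformat(r["ts"]) for r in chain)
    return (now - oldest).days


def meets_retention(chain: list[dict], now: datetime, minimum_days: int = 90) -> bool:
    return retention_days(chain, now) >= minimum_days


def build_sample_chain(now: datetime, days_back: int = 120, count: int = 5) -> list[dict]:
    """Constructed store with one record per day starting `days_back` days ago."""
    chain: list[dict] = []
    for i in range(count):
        ts = (now - timedelta(days=days_back - i)).isoformat()
        append_record(chain, ts, f"event {i}")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain(SAMPLE_NOW)
    print("intact:", verify_chain(chain), "retention days:", retention_days(chain, SAMPLE_NOW))
    # Simulate an attacker clearing one entry, then editing one: both are detected.
    print("record removed:", verify_chain(chain[:2] + chain[3:]))
    edited = [dict(r) for r in chain]
    edited[1]["msg"] = "event 1 (edited)"
    print("record edited:", verify_chain(edited))
```

The chain only detects tampering; it does not prevent it, which is why the section also calls for shipping logs to an external store the attacker cannot reach. Running the verifier against that external copy on a schedule turns "did someone clear the logs?" into a routine check with a concrete answer.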
Why is Threat Detection Crucial for Cyber Insurance?
Insurers aim to minimize the impact of attacks by detecting intruders early, before they can inflict damage or extract data.
Effective threat detection can significantly reduce insurers’ financial liabilities. According to IBM’s Cost of a Data Breach report, breaches that took more than 200 days to identify and contain resulted in a 35% higher cost for organizations, averaging $4.8 million.
Lack of early detection prolongs breach lifecycles, adversely affecting organizations’ bottom lines and, consequently, insurers’ profitability. This makes insurers less inclined to offer comprehensive coverage.
How Does Petronella Assist Organizations in Meeting Cyber Insurance Requirements?
Petronella aids organizations across various industries in fulfilling log monitoring, audit trail, data retention, detection, and response requirements mandated by cybersecurity insurance policies and other compliance regulations, including HIPAA, PCI DSS, FFIEC, NIST, CMMC, and more.
Petronella’s cloud SIEM is well-suited for numerous companies seeking to enhance their security posture while qualifying for cost-effective cyber liability insurance. The use of a SIEM can notably influence policy pricing, although insurance pricing depends on numerous factors.
Employing a SIEM not only aligns with best practices but may also result in reduced insurance costs, partially or entirely offsetting the expense of the SIEM implementation.
Call Petronella today at 919-422-2607 to learn more about cyber insurance, including:
- Assessing the suitability of cyber insurance for your organization
- Essential security controls required for insurability presently and in the foreseeable future
- The progression of cyber insurance throughout the past decade