The modern digital environment is more risky than ever before, and the incidence of cyberattacks only increased throughout the COVID-19 pandemic. In this day and age, even the most robust security systems may still be penetrated or breached by a sophisticated cyber-attack. This means companies can no longer afford to be complacent about security.
If a breach occurs, you may need cyber insurance to receive funds for rebuilding your business, fixing your website, or paying fines in case you lose customer data. And to ensure that your cyber insurance claim is accepted, you’ll need to make sure you know what insurers look for in cyberattack claim applications.
Is Cyber Insurance Really Necessary?
Short answer – yes! Perhaps in large part due to the COVID-19 pandemic, cyberattacks have been on the rise. As more companies have shifted to remote work while using unsecured systems, the costs of hacks, database breaches, and other attacks have led to the loss of millions of dollars across industries.
Naturally, cybersecurity insurance claims have increased in conjunction with cyberattacks. One insurance company reported that it processed more claims in the first half of 2021 than it did in any other comparable timeframe to date.
This follows a broader trend with insurance claims across industries and types. For example, since the pandemic began, there has been a 50% uptick in the number of Canadians purchasing a life insurance policy. Just like life insurance, it may be time for you to consider the long-term financial wellness of your company when it comes to cybersecurity.
Cybersecurity insurance is very important because it can protect your organization from unforeseen costs. In the wake of a cyberattack, you may need to recover customer data, cover legal fees and expenses, and repair damaged computer systems. All of that will have to come out of your organization’s pocket if you can’t file a successful insurance claim.
Common Causes of Cyberattacks
Cybersecurity needs are unique to every business, but most cyberattacks share some common traits. Naturally, many of these traits are discussed in applications for cybersecurity insurance, so you should consider these factors when applying for insurance coverage.
Some of the most common aspects reported in cyberattacks include:
- Weak passwords. This is listed as a possible cause of over 80% of breaches. Weak passwords can include simplistic passphrases, unprotected passwords, or not changing critical passwords regularly enough.
- Poor or out-of-date antivirus software. Many successful cyberattacks involve different types of malware that either cause or contribute to the broader breach.
- Bad digital hygiene among employees. Humans are often the weak link in cyber defenses, especially those who work remotely. For example, working in an unsecured environment, like a coffee shop’s Wi-Fi network, can lead to digital breaches.
Ultimately, you need to make sure your organization takes the right steps to counteract these potential threats and make sure you qualify for an insurance payout if you are affected by a cyberattack.
What Do Cyber Insurers Look for?
When filing an insurance claim, the last thing you want is your claim to be denied, especially as the pandemic continues to impact cybersecurity. Even if the insurance company in question allows for an appeal, this could delay the funds you need to recover from a successful cyberattack.
Cyber insurers typically look for a few major factors when determining whether to pay out a client’s insurance claim. These include the following elements:
Strong Password Maintenance
For starters, you need to make sure that your passwords are always strong and that everyone in your organization follows proper password protocols. Poor password management is probably the most basic form of access management failure.
Some best practices include:
- Using complex passwords that cannot be easily guessed or brute-forced
- Not writing passwords down on paper or keeping them in unsecured areas
- Regularly rotating or updating passwords
- Requiring multi-factor authentication
While many cyber insurance companies don’t require password strength or security as a criterion for underwriting an insurance claim, you should still practice good password hygiene overall. Poor password hygiene can lead to a very embarrassing data security breach, and it might decrease your chance of getting a claim accepted if you didn’t take basic steps to protect yourself.
Proper Firewall Use
You’ll also want to make sure that your firewalls are secure enough to resist modern malware attacks and that they are regularly updated. Failing to update your firewalls regularly could lead to your claim being denied, as your cyber insurance company could take this as evidence that you are not doing your part for cybersecurity.
Physical Security Controls
Implementing some physical security controls in your organization could also do wonders for your broader cybersecurity. If the time ever comes to claim cyber insurance, you’ll be able to point to physical security controls and show that you did everything you could to avoid or stop the attack on time.
Some physical security practices include:
- Implementing access controls over servers and routers
- Removing sensitive data from the reach of potential cybercriminals via external hard drives
- Preventing remote employees from using personal (unsecured) devices for sensitive business
Regular Software Updates
Encrypted Mobile Traffic
If your employees work from anywhere but the office, make sure mobile devices are encrypted and that they practice good digital hygiene. For example, remote workers may need to use a VPN when logging into sensitive company information or tools from afar.
A VPN can mask IP addresses and make it much more difficult, if not impossible, for a potential bad actor to gain access to sensitive company data. Other encryption software tools can make even basic smartphone devices relatively secure and allow employees to complete work remotely without compromising the rest of their organization.
Increased User Management Oversight
Lastly, user management processes such as updating who has administrator access to important information or systems are also a vital part of a good cybersecurity routine. Make sure that your company only provides administrator access to as few employees, as unnecessary access could cause you to be denied an insurance claim. Also, regularly update who has access in the event of employees leaving or responsibilities changing.
You never want to be denied cyber insurance when you need it most. If you are a victim of a cyberattack and your system goes down, you need to get back up and running ASAP to recapture lost traffic and prevent your customers from losing faith in your organization.
Cyber insurance payouts can help you manage your risk, recover from a cyberattack, and pay any fees that you may have incurred. Having each of the above elements as part of your cybersecurity practices will also make it easier for a cyber insurer to underwrite an insurance policy in the first place, and you’ll be more likely to receive a payout in the event of a breach.
About the Author: Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source projects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses online safety and privacy.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.