Business Reporter

Keeping cyber-security insurance affordable

David Corlette at VIPRE Security Group outlines the cyber-security measures that favourably impact insurance premiums

 

Price rises in the UK cyber-security insurance market continue as insurers struggle to maintain profitability in the face of ever-increasing payouts. With the global cost of cyber-crime forecast to double within the next four years to $23.8 trillion, there are real concerns that cyber-risk could become uninsurable.

 

For companies, rising premiums are making the cost of insuring the business against cyber-crime unaffordable, and a large proportion of small and medium-sized businesses are even cancelling their cyber-insurance policies.

 

At the same time, whilst insurers are narrowing the scope of policy cover, compliance mandates are becoming more stringent. The Information Commissioner’s Office (ICO) now even names and shames companies that have suffered data breaches. 

 

The reality is that not taking out a cyber-insurance policy isn’t an option. It is essential for economic survival. Organisations must ensure that, in the unfortunate event of a security breach, they are covered immediately for the actual cost of remediation and, in the medium term (ideally), for any indirect costs that might accrue as a consequence of the impact of the breach on the supply chain and wider ecosystem.

 

Be ‘insurable’

With the volume of payouts increasing, cyber-insurers are evaluating their own business risk more stringently. Many are scoping state-sponsored attacks out of their policies. If they find the security protection measures in place to be inadequate or even minimal, they will either refuse cover or increase the insurance premiums quite significantly.

 

Additionally, some insurance companies insist that in the event of a breach, their own forensic experts will evaluate the situation before releasing the insurance money. Clearly, they are becoming more discerning with their disbursements. 

 

Demonstrate security compellingly 

To ensure affordable insurance premiums, organisations must effectively demonstrate their security posture. They must provide a holistic view alongside strong evidence that all types of security defence models have been carefully evaluated and best-in-class solutions implemented – from infrastructure, data storage and management, and mobile through to network, application, endpoint and email security.

 

Equally, well-documented vulnerability management procedures and incident response plans are valuable.

 

There is no dearth of security solutions available today, but not all are equal. Deploying solutions that have been stress tested, verified and highly rated by reputable independent software rating agencies gives organisations and insurers good assurance of the efficacy and credentials of the products installed.

 

One of the key risk assessment criteria that cyber-insurers use to assess security posture is the level of resourcing allocated to IT security. There’s a reason for this. IT expertise is expensive and, especially in small to medium enterprises, the bulk of the budget is often apportioned to the software and tools themselves, leaving little money for resourcing.

 

Therefore, outsourcing security to reputable third-party managed service providers tends to be viewed favourably. Cyber-security is ever-evolving and highly specialised. For all but some of the largest enterprises, acquiring the right level of in-house skills isn’t always feasible, so partnering with external cyber-security providers is a good way of ensuring timely, cost-effective access to dedicated expertise.

 

Application security is an important discipline, with focus increasingly shifting to defences such as API protection, cloud, bot management and so forth. In cases where application security is taken care of in-house, there is merit in highlighting to insurers the pedigree of the solutions and the ease of their routine management. Solutions that are difficult to patch and maintain are at greater risk of being breached, and insurers are watchful of this.

 

Similarly, even the best security solutions in the world pose a risk if they are sub-optimally deployed. Suppose multi-factor authentication is implemented only for the desktop and key application environments, while seemingly lower-priority servers and apps are skipped.

 

This is folly. Given how sophisticated bad actors are, they can easily leverage such loopholes to get to the multi-factor authenticated and notionally secure systems and environments.

 

Win over insurers with security awareness training

Today, almost every attack is driven by email-led phishing, and attackers are constantly evolving their approach and deploying new techniques – QR codes, QakBot, URL redirection and more.

 

Organisations need to counter this by investing in new technology. This could be fancy new ‘just launched’ products, or existing solutions from vendors that already have a detailed product development roadmap to help thwart the continuously changing efforts of the bad actors. Thorough due diligence, alongside proper implementation and testing, must underlie any technology adoption.

 

Cyber-insurers are waking up to the true risk of phishing. Insurer risk assessment forms today demand detailed information on endpoint and email security measures. To convincingly illustrate a genuine intent to reduce security risk, organisations should, in addition to investing in new technology, provide evidence of how security awareness training is purposefully delivered to users across the organisation. This is a sure-fire way of gaining plaudits from insurers.

 

The relentless manner in which bad actors are targeting users means that employees must always be on their guard. Professional criminals are using advanced techniques and AI technologies to trick employees in the most sophisticated manner.

 

Demonstrating the organisation’s ‘above and beyond’ approach to pre-empting and mitigating the impact of such phishing is definitely leverage that organisations can use when it comes to negotiating affordable premiums.

 


 

David Corlette is Vice President of Product Management at VIPRE Security Group

 



23-29 Hendon Lane, London, N3 1RT


020 8349 4363

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
