Protecting Your Data: Cyber insurance is a must-have in the fight against ransomware

Date: 2014-07-01

One of the biggest threats for business has been phishing-based ransomware infiltrations, resulting in billions in losses from either paid ransoms or lost business revenues.

Ransomware attacks increased by 91% in 2021. Ransomware is malware that uses encryption to hold an organization’s data for ransom, keeping it in an encrypted state and preventing the use of databases and other mission-critical applications.

Ransomware also prevents employees from accessing files critical to conducting business operations. Once ransomware enters the network through an employee endpoint, it typically spreads throughout the network, targeting file systems, data repositories of every kind, backup data and more – rapidly taking down the organization.

With the threat of significant financial loss, many businesses are ramping up their security defenses and protecting corporate assets with cyber insurance. It offers data breach insurance that helps a company recover from a data loss event due to criminally encrypted data, cyber theft, a network outage, or other IT interruption caused by ransomware, malware or other cyber variants targeting the business.

While larger businesses have been the notable victims of ransomware for years, attacks on midsize organizations are increasing and resulting in major financial losses caused by operational downtime and reduced revenues due to system outages.

With cyber insurance, businesses can protect themselves from financial losses by not having to pay reparations to criminal entities due to cyber extortion. It also allows companies to be compensated for lost business opportunities and remediation of lost or damaged digital assets.

While cyber insurance is a must-have in today’s business climate, it does come with a cost. The often-expensive premiums are due to the high compensation required when attacks occur. Companies in certain industries, such as financial services and healthcare, often pay even higher premiums because of the large volume of personally identifiable information (PII) targeted by the most aggressive ransomware or cyber variant.

In 2022, many companies – including those who have never had a cyber insurance claim – found that their renewal premiums skyrocketed up to a reported 300%. Others were not able to obtain renewal coverage because their internal systems and protections no longer qualified them for coverage.

The first step to reducing cyber insurance premiums and positioning your company to be able to obtain coverage is to conduct a security audit that assesses which digital assets and physical operations may be impacted by an attack. High-value and sensitive data ranks number one in these audits, including financial data, customer information, employee records, and intellectual property (IP) in the form of solution designs/architectures, proprietary processes, strategic plans and more.

Once the audit is complete, the calculation of insurance needs based on audit results reveals the potential financial risk and anticipated recovery costs.

The next several steps involve the solicitation of a cybersecurity services provider. This includes service providers capable of conducting scheduled penetration testing; business-wide password implementation, monitoring and management; end-to-end encryption of PII; deployment of zero-trust infrastructure to control access to sensitive data, as well as a full suite of defensive security solutions layered across the managed IT environment.

Key solutions and processes many insurers suggest implementing to reduce premiums include:

Strong email security. Despite popular belief, email is not a secure form of communication, and every organization should use caution when sending or verifying sensitive information by email.

Multi-factor authentication. MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application. Start with your email, then apply MFA everywhere it’s available.

Full data backups. A full data backup can mean the difference between a complete loss and a complete recovery after a ransomware attack. Develop a strategy tailored to the business.

Secure remote access. Workers are often given access to company resources remotely. When remote access is allowed, the organization takes on additional risks.

Regular software updates/patching. All software presents at least some risk to the organization. Cybercriminals look for vulnerabilities, which can easily be located to prevent exploits through regular software updates.

Use of a password manager. Password managers are essentially an encrypted vault for storing passwords that are protected by one master password. These master passwords act as ‘keys to the kingdom’ and should be heavily protected.

Malicious software scanner. Endpoint detection and response (EDR) tools (including traditional antivirus and anti-malware software) readily identify, detect, and prevent advanced cyber threats.

Data encryption. If your data is not encrypted and you lose a device, your organization may face a data breach and all of the legal, regulatory and notification costs that come with it.

Security awareness training. Sixty percent of claims are the result of human error. This can be avoided by creating a culture of cyber risk awareness that holds everyone accountable.

Oversight by a managed IT help desk. A 24/7/365 help desk monitors security infrastructure and can take action immediately once an attack is detected.

With the combination of cybersecurity services and the right insurance provider, organizations can significantly reduce the threat of serious business and financial impact caused by a successful cyber attack. With critical IT systems, data, and processes in a hardened defensive position, insurance premiums can be made much more affordable while still offering all-encompassing protection against the criminal threat actors’ incessant flood of attacks.

Even more important, with a secure managed services contract in place where business data is being protected by a security operations center monitored 24/7/365 by security experts for a fixed cost, successful attacks are made more difficult for even the most experienced cyber villains – dramatically reducing the risk profile of the organization.

Katie Horvath is the chief marketing officer for Aunalytics, a leading data platform company delivering insights as a service. Prior to Aunalytics, she held the post of CEO for Naveego where she was the only woman CEO of a big data company in North America until 2021 when the business was acquired.
