How organizations can defend themselves against cyber risk
Cyber insurance, once viewed as a desirable security accessory, has evolved into an incident response and business resilience lifeline. As cybercrime continues to leave mass financial and operational destruction in its wake, protecting the bottom line and ensuring business continuity following such events has captivated the attention of executive leadership, and propelled the demand for cyber insurance.

Regulatory compliance and increased scrutiny from customers have also forced this level of urgency. Not only has there been an influx of applications for cyber insurance but also a tidal wave of organizations actively using their coverage. Research from Delinea found that 80% of organizations have leveraged their coverage at least once, and more than half of that group has used it on more than one occasion.
With the average cost of a data breach reaching astronomical amounts ($4.35 million according to IBM), insurers are not only raising rates but also tightening requirements. Many organizations are now facing significant delays and upfront costs to satisfy the more rigorous coverage qualification criteria. As cyber insurance is still a relatively new phenomenon for many organizations despite having been around for many years, many organizations lack prior knowledge of the application process itself and can be unprepared for the questions and risk assessments from carriers.
Although each insurer has its own methodology to assess organizational risk, many reference the five key functions of the National Institute of Standards and Technology’s cybersecurity framework to evaluate companies: Identify, Protect, Detect, Respond and Recover. Understanding the core questions that insurers may ask under each of these components can help streamline the process of obtaining coverage and minimize costs. Let’s explore how organizations can prepare for each of these five components.
Identifying risks
A prospective insurer first will want to understand the specific risks which pertain to your organization and the current risk management processes in place. Organizations can evaluate their risks by conducting a cybersecurity risk assessment to identify where vulnerabilities prevail. This activity also helps gauge a company’s cyber risk tolerance.
For example, insurance carriers will want a deep dive into how organizations conduct security awareness training initiatives for employees. Insurers want to see organizations conducting frequent security training that extends beyond simple online tests. Insurers will also want a portrayal of an organization's inventory of hardware, software and privileged accounts. Maintaining a list of all devices, applications and privileged accounts that could be a possible entry point for malicious attacks can help identify all possible threat vectors, and will determine the value and scope of the assets an organization wishes to insure.
Protecting assets
Insurers will also want organizations to convey how they are currently protecting their assets, including highlighting Identity and Access Management controls, data security, maintenance and repair strategies, and more. As credential-based cyberattacks are increasingly common, insurers are looking for strong Multi-Factor Authentication controls to be in place. These controls can help validate who is accessing systems and add an additional layer of security.
Multiple layers of malware defense are another highly requested requirement. These protect against viruses and malicious programs deployed by bad actors. This defense includes implementing and enforcing least privilege access, restricting or removing local administrative rights, and layering in threat intelligence and endpoint protection. Part of protecting assets and data is having a strong backup and recovery plan to ensure that the business is resilient to attacks such as ransomware, which can bring a business to a complete stop.
Detecting risk and breaches
Establishing an organization’s ability to detect risks and breaches is another core component for cyber insurers. The increased reliance on remote work means that more endpoints, including laptops and cloud servers, are high-value targets for attacks. More insurers are requiring organizations to have an endpoint security tool that can seamlessly identify and respond to security events originating at endpoints.
Thus, insurers want organizations to have comprehensive monitoring, alerting and reporting capabilities for privileged behavior and possible abuse on workstations and servers. This enables information technology and security teams to quickly identify unexpected behavior and conduct an incident response and forensic analysis if a breach occurs.
Responding to cyber attacks
Perhaps the most important part of an evaluation to an insurer is the appraisal of an organization’s incident response plan. Robust incident response game plans are non-negotiable to an insurer as they can reduce the risk of a cyber breach becoming a catastrophic event.
An incident response plan helps align IT operations, security and developers to ensure a rapid and thorough response to an attack. A robust plan includes a checklist of roles and responsibilities in the event of an attack, along with actionable steps to measure the extent of a cybersecurity incident. Conducting frequent incident simulations can help identify areas for improvement and demonstrate to insurers that readiness is more than hypothetical.
Recovery after an attack
Finally, carriers will want to delve into an organization’s recovery plan to understand how they will navigate the aftermath of a potential breach. Organizations must effectively showcase the measures in place to return operations to normal and stem losses. While 71% of companies are confident they can quickly recover from a cyberattack, it still takes an average of 280 days to identify and contain a data breach. Organizations must demonstrate to insurers that they’re realistic, willing to learn from cyber mistakes and implement ongoing improvements.
Before applying for a cyber insurance premium and engaging with prospective carriers, it is important to evaluate your organization within these five components to better understand the risks which pertain to your organization, where gaps in security infrastructure may persist and which assets are most critical for an organization to insure.
Joseph Carson is chief security scientist and advisory CISO at Delinea.
© Entire contents copyright 2023 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.


