In the last few years, cybercrime has increased considerably, often leading to significant costs, reputational damage, and operational disruptions to the companies affected. And while there is no foolproof way to avoid an attack, many organizations are taking steps to further reduce their risks. On top of this, these organizations often take additional steps to reduce the high costs of dealing with a security breach if one were to occur.
Enter cyber insurance—also known as cybersecurity insurance or cyber liability insurance.
Having cyber insurance coverage has become imperative for many organizations due to the rise of cyber incidents and the growing sophistication of these attacks, paired with the potential financial impacts of a successful breach.
In fact, the global cyber insurance market is projected to grow from $12.83 billion in 2022 to $63.62 billion by 2029. This growth is largely driven by the continued rise in the number of data breaches, as well as a greater awareness of cyber risks.
While there is no question having cyber insurance is smart, organizations are often challenged when sorting through the options. Not only do organizations need to understand exactly what each policy covers, but they also must determine the types of digital assets they need to protect to satisfy the basic insurance requirements, and they have to worry about getting approved (or, if currently covered, how to avoid a steep increase in premiums). Let’s take a deeper look:
What Do Cyber Insurance Policies Cover?
While cyber insurance can’t prevent a breach or a security incident from happening, this type of policy helps organizations more successfully weather the storm when a data breach or network security failure takes place. Typically, cyber insurance policies cover the following:
- Breach costs: Costs associated with responding to a breach, including identifying the breach, alerting affected individuals, credit protection services, and crisis management/public relations costs.
- Cyber extortion: Response costs and financial payments associated with network-based ransom demands.
- Cybercrime: Financial losses associated with social engineering and funds transfer fraud.
- Business Interruption: Lost business income that takes place when a company’s network-dependent revenue is interrupted.
- Data recovery: Costs required to replace, restore, or repair damaged or destroyed data and software.
- Privacy protection: Costs to resolve claims with regard to the handling of personally identifiable or confidential corporate information.
- Digital media: Costs to resolve claims related to online content, such as copyright or trademark infringement, invasion of privacy, and defamation.
While cyber insurance provides fairly comprehensive coverage, it is very important to note that not every cost or claim is covered. The following is typically not covered by most cyber insurance policies:
- Criminal proceedings: Claims brought in the form of a criminal proceeding, such as a criminal investigation, grand jury proceeding, or criminal action.
- Funds transfer: Other than transfers associated with cybercrime coverage, most uncovered claims include loss, theft, or transfer of funds, monies, or securities.
- Infrastructure interruption: Claims stemming from failure or interruption of water, gas, or electric utility providers.
- Intentional acts: Fraud, dishonesty, criminal conduct, or knowingly wrongful acts of the business or its employees.
- Property damage: Property damage stemming from a data breach or cyberattack, such as hardware that was destroyed during the cyber incident.
- Intellectual property: Property losses and lost income associated with attacks are commonly excluded from coverage.
- Costs for proactive preventive measures: Measures to avoid a future attack, such as training employees or developing an incident response plan.
Common Insurance Requirements
Most insurance companies require organizations to have certain safety protocols in place before being accepted for coverage. While these requirements tend to vary by insurance company and by the size of the company being insured, today’s insurance companies all require organizations to have some basic security controls in place.
The reason for this is quite simple: insurance companies need to know organizations are addressing the highest likelihood of attacks, which in turn reduces the insurance company’s risk. And while most insurance companies currently allow organizations to self-verify these requirements, the industry is moving in the direction of requiring a professional IT service company to confirm that these standards are in place and up to date.
These requirements typically include the following:
- Centralized security device log collection and threat detection analytics platform (Security Information and Event Management (SIEM) monitoring)
- Active 24×7 security event monitoring, investigation, and alerting (Security Operations Center or SOC)
- Active incident response and threat remediation
- Regular software patching and automatic updates
- Strong endpoint security, often an Endpoint Detection & Response (EDR) solution
- Access control methods to protect critical systems, apps, and data. These include multi-factor authentication, least-privilege access policies, securing system administrator access to key data, and securing third party access to all systems.
- Use of strong password management policies
- Backup and disaster recovery methods that employ cloud or off-premises offline storage
- Financial controls to verify fund transfers and access change control requests
- Data protection methods for personal or other private information, including encryption and network segmentation
- Use of network security methods, such as network segmentation and firewalls
- Adhering to common email security recommendations
- Employee management policies to control account access
- A specific security risk manager employed by the organization
- Employee security training
- Formal incident response plans
- Written privacy and data security policies
Selecting a Policy – and Getting Approved
When selecting a cyber insurer, organizations should consider several factors, including the financial stability of the insurer, the type of coverage provided, and the cost. It is also important to keep in mind that some insurance companies provide supplementary services to help protect against and respond to breaches, while others have strong partnerships with cybersecurity vendors to help mitigate a breach.
If you are trying to get approved for cyber insurance, and want to get lower rates, it’s critical you not only have the bare minimum requirements in place, but also take extra precautions to ensure you’re a desirable candidate for cyber insurance. Many organizations are looking for outside security vendors that will not only help them be more secure, but also will ensure they check off the requirements for cyber insurance approval.
Logging and Monitoring of Event Logs
One of the top requirements from cyber insurance providers is log monitoring. Through our shared SIEM service, Proficio’s Managed Detection and Response (MDR) solution gives you all the benefits of having a SIEM without the complexity of owning and managing one. For those with a current SIEM, Proficio can help you manage the platform and provide content from our large library of threat detection use cases. Proficio also provides 24×7 Security Operations Center monitoring, alerting, and response solutions, either with our SIEM and SOAR (Security Orchestration and Automated Response platform) or utilizing your security tools and platforms.
Patch Management/Vulnerability Management
Knowing what systems are most vulnerable enables your team to quickly patch the biggest risks first. With Proficio’s Risk-Based Vulnerability Management (RBVM), you can prioritize patching based on the risk of a vulnerability being exploited and the relative importance of each system. In addition, Proficio offers security device management to help you ensure your security devices are being maintained to vendor-recommended best practices.
Endpoint Detection and Response
Many of today’s biggest data breaches were the result of a cybercriminal getting access to one endpoint and moving laterally through the network. Proficio’s Managed Endpoint Detection and Response (EDR) helps you secure your critical devices through device monitoring and management, helping to detect risks in real time.
When it comes to cyber insurance requirements, Proficio can also help with scenarios such as:
- You have a new requirement for security log collection, active threat monitoring, and a threat response solution
- You have an MSSP but want a new provider with better threat detection and response capabilities
- You had a breach and need a provider (new or replacement)
- You have an internal SOC but are having trouble keeping staff and getting desired outcomes
As we enter into a new year and cybercrime hits record highs, it seems inevitable for every business to be affected in some way. As a result, preparation is key. There is no question that cyber insurance is a great way to mitigate risk, but remember: having insurance does not reduce your risk. However, cyber insurance is a great layer of protection to add to your complete security stack.