The Importance of Cybersecurity Insurance

Cybercrime has, unfortunately, become commonplace, with one expert estimating that computer-based theft will cost the world $10.5 trillion by 2025. This has made cybersecurity insurance a must-have for businesses. 

However, many companies who have purchased this type of insurance have learned a hard lesson in the past few years – insurers will not pay claims or renew policies unless the policyholder follows the guidelines of what’s required to protect a company’s computer network and data from attacks. 

Simply put, many businesses think that it’s enough to just purchase this type of insurance, receive a claim payment if an intrusion occurs, then return to normal operation.

Unfortunately, a cybersecurity insurance plan on its own is absolutely not enough and must be supplemented with network defense tools, employee education modules, and documented recovery plans.

Your Business’s New Homeowners Insurance

Most people who have homeowner’s insurance understand they may have to perform some preventative maintenance in order to receive a claim for any damages that may result. 

For example, an insurer might warn a policyholder that his or her property requires upgrades to its electrical system. And, if down the line there is an electrical fire, the insurer will not pay out a claim for these damages if the policyholder did not make the necessary upgrades or pull the right permits to show they were made.

It’s no different with cybersecurity insurance. Businesses have to meet certain contingencies in order to say they’ve done all they could to protect themselves from cyber-based crimes. After all, a ransomware attack or data breach is no different than a burglar entering a property and stealing a person’s most valuable possessions.

Insurance companies are not charities, and those that issue cybersecurity policies have had to pay out a lot of money in recent years, with one cybersecurity insurance specialist stating they processed more claims in the first half of 2021 than any other time period. They won’t do so anymore unless a business has done all it can to lock its doors.

Reducing the Attack Surface

Insurance companies want businesses to reduce their attack surface as much as possible – in essence, do all they can to reduce the vulnerabilities that can result in a successful cyber attack.

In the eyes of insurers, this requires companies to implement the following:

• EMAIL PROTECTION. An estimated 96% of cybercrimes happen via a phishing attack generated via email. To retain coverage, businesses must put in place multiple layers of protection to prevent a malicious email from reaching an end-user.
• TRAINING. In the event that a malicious email gets past the organization’s firewall and email filtering, companies are asked to provide frequent training for employees on what they should look out for to prevent a cyberattack, such as how to identify phishing scams.
• NEXTGEN ANTIVIRUS PROTECTION. Older antivirus protections rely on an established, and often out of date, database of known threats. Utilizing traditional antivirus software requires endpoints (ex: the laptops that employees have at home) to make required updates so that they’re referencing the most ‘up-to-date’ data. This causes a severe lag as hackers and those who write malware are often many steps ahead. The most modern antivirus software offers real-time protection and greater intelligence when scanning for malware. NextGen antivirus protection monitors traffic 24/7 for faster, more accurate recognition of potential threats. Instead of reviewing files and traffic to identify if something suspicious happened in the past, NextGen antivirus protection catches attacks as they are attempted.
• MULTI-FACTOR/2-FACTOR AUTHENTICATION. Phishing attacks require someone to give up their unique password. Companies that enable 2FA or MFA have significantly increased protection over their valuable data due to the added layer(s) of authentication needed for login. With 2FA and MFA, even if an attacker obtains a password they likely won’t be able to get the token or extra code needed to cause a successful breach. 

Plugging the Holes

IT security awareness and best practices are not just the responsibility of one person, but instead must be a focal point for an entire company. It is often overwhelming for companies without a dedicated IT team to understand what’s needed to meet the standards of a cybersecurity insurance policy, and even more of a task to deploy the preventative measures needed to stay in compliance.

Thrive’s expert team of cybersecurity professionals can help you review your policy and discuss the wide range of security options, training services, and full supervision of IT software available to keep your data protected. 

Learn more about where your company stands today by scheduling a cybersecurity risk assessment with Thrive.