When you next try to renew your cybersecurity insurance, you might find the process for approval and the policies available are quite different from before.
Insurers are getting much more specific and more cautious. You should expect a new application for the policy you already hold, and in some cases you’ll find that the policy you’ve had for a few years is no longer being offered.
In the past, insurance applications were often geared only toward protecting personally identifiable information (PII) or credit card processing. But as claims increase for ransomware attacks, business information compromised by phishing, and the subsequent disruption to business operations, insurers are quickly catching up with real-world vulnerabilities. As a result, insurers are dramatically increasing (appropriately so) the level of security their policies require for all organizations.
What’s really going on?
Cyber attacks are disruptive and can cost businesses and insurance carriers a lot of money. With broad-based risk analysis and clear insight into the cost associated with cybersecurity vulnerabilities, insurance companies are updating their policies to better reflect best practices. That’s good news, because better security lowers the risk and cost for all of us. It’s great to see the security best practice recommendations that we’ve been making for years find their way into requirements for insurance policies.
For example, insurers now expect your organization to have multi-factor authentication (MFA) enforced across the board. That means MFA for every service your organization uses (like Google, Microsoft, Dropbox, Zoom, Slack, etc.), as well as any VPN that allows users to access internal networks and servers from home. For many businesses, depending on the age of the equipment and tools in use, MFA may not even be available to authenticate VPN access. So renewing a cybersecurity insurance policy may encourage an overdue strategic reckoning and re-prioritization of resources.
If you’ve been dragging your feet on our recommendation to enforce MFA on all your email accounts, your insurance company may finally force you to realize: it’s time!
Best practices
It is irresponsible to pretend that ransomware, phishing, and information theft don’t exist. You should be concerned about your business’s data security, and there are some clear, easy steps you can take to protect your business.
- Identity and access management solutions bring a broad range of security benefits, including MFA enforcement across all your online services (and, yes, your VPN).
- Device management ensures a baseline of security protections on your workstations and laptops.
- Malware and endpoint protection watch for downloads that may cause problems and for unusual activity.
- Properly configured and monitored backups give your organization a lifeline if ransomware does somehow find a perch within your organization.
How we can help
Macktez has been helping to protect our clients’ data and systems for decades. We have subscriptions designed specifically to address vulnerabilities in workstations, networks, servers, and identities. For a complete set of protections, our Core Suite package will give your organization the tools to function productively in a changing cybersecurity environment.