Cyber Insurance: Navigating Premiums and Practices

  • Stephen M. Dye
  • Aug 29, 2024
  • 4 min read

In today's world, the question is not just whether your organization can secure cyber insurance—it is also about how much it will cost. Yes, you are insurable, but did you know that the premium could be lower with the right cybersecurity measures in place? Cyber insurance is not merely a financial transaction; it is a crucial component of your company's risk management strategy, and the mere act of getting insurance will not make a weakness or vulnerability go away.


However, obtaining comprehensive coverage at a reasonable cost requires more than just a willingness to pay premiums. Insurers are increasingly scrutinizing the cybersecurity practices of companies to mitigate risks. As a CISO and cyber analyst, I recommend prioritizing the following key cybersecurity practices. These are not exhaustive, but they are significant components against which insurers will evaluate your organization.


1. Multi-factor Authentication (MFA)

Yes, this is obvious; we all have it and know we must have it. MFA across your organization is one of the most effective ways to enhance account security. MFA should be a mandatory requirement not just for remote and administrative access, but also for accessing email, critical systems, and vendor interfaces. By requiring an additional form of verification beyond just a password, MFA significantly reduces the risk of unauthorized access, even if login credentials are compromised. This simple step can thwart many common cyber-attacks and demonstrates to insurers that your company takes access security seriously. Make sure you have MFA for all accounts, not just your email and SSO, but also administrators' system and infrastructure access.


2. A Current and Tested Incident Response Plan

A well-developed incident response plan (IRP) is your first line of defense in the chaos of a cybersecurity breach. This plan should not only be comprehensive and current but also regularly assessed through drills and simulations such as tabletop exercises. These exercises help identify any gaps in responses and ensure that when a real incident occurs, your team is equipped to manage it efficiently, minimizing potential damage. Cyber insurers often look favorably on companies that can demonstrate effective incident management and recovery capabilities, and certainly on those that can document having run at least two tabletop exercises a year.


3. Air-gapped and Encrypted Backups

In the era of ransomware and destructive cyber-attacks, the ability to recover data quickly and securely is paramount. Having air-gapped and encrypted backups ensures that your critical data is protected against both external attacks and internal mishaps. And very importantly, the backup should be immutable. Immutable backups are copies that cannot be changed, edited, or deleted, so they retain the integrity and security of the original data. Regular tests to restore data from these backups are crucial to ensure that in the event of data loss, recovery is guaranteed and swift. This practice not only bolsters your security posture but also significantly influences the terms and coverage limits of your cyber insurance policy.
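The restore test is the part most organizations skip, so here is an added example (my own code, not from the original post or from Uplift Cyber) of a scripted restore drill: a SHA-256 manifest is taken at backup time, the restored tree is compared against it, and modified, missing, and unexpected files are reported. The file names and contents are constructed for the demonstration; in practice the manifest is stored with the immutable copy so it shares the copy's protection.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup objects do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under `root` to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest recorded at backup time."""
    problems = {"missing": [], "modified": [], "unexpected": []}
    current = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in current:
            problems["missing"].append(rel)
        elif current[rel] != digest:
            problems["modified"].append(rel)
    problems["unexpected"] = sorted(set(current) - set(manifest))
    return problems


def restore_drill() -> tuple:
    """Constructed end-to-end drill: back up, restore, verify, then corrupt the restore and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        live.mkdir()
        (live / "db.sql").write_bytes(b"CREATE TABLE accounts(id INTEGER);\n")
        (live / "config").mkdir()
        (live / "config" / "app.yaml").write_text("retention_days: 30\n")

        # Manifest taken at backup time and written next to the backup set.
        manifest = build_manifest(live)
        Path(tmp, "manifest.json").write_text(json.dumps(manifest, indent=2))

        # A clean restore reproduces every file byte for byte.
        restored = Path(tmp, "restored")
        shutil.copytree(live, restored)
        clean = verify_restore(restored, manifest)

        # Simulated damage to the restored copy: one file altered, one removed, one added.
        (restored / "db.sql").write_bytes(b"DROP TABLE accounts;\n")
        (restored / "config" / "app.yaml").unlink()
        (restored / "extra.bin").write_bytes(b"\x00")
        damaged = verify_restore(restored, manifest)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = restore_drill()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

Run this on a schedule against a real restore target and alert on any non-empty list; a restore that "completes" but fails the manifest check is exactly the failure mode the paragraph warns about.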


4. Advanced Endpoint Detection and Response (EDR)

Endpoint security has evolved beyond simple antivirus solutions. Advanced Endpoint Detection and Response (EDR) tools are now essential for providing real-time monitoring and threat detection. EDR systems not only block known threats but also use behavioral analytics to detect unusual activity, potentially identifying and mitigating zero-day exploits before they cause significant harm. Demonstrating the implementation of robust EDR solutions can significantly reassure insurers of your proactive stance on cybersecurity.


5. Enabled Logging for All Systems, Software, and Perimeter Devices

Comprehensive logging is a fundamental aspect of an effective cybersecurity strategy. Enabled logging across all systems, software, and devices allows for detailed monitoring and analysis of potential security events. But that is not all: this data is crucial for forensic investigations and for understanding the scope of a security incident, which helps remediate it and prevent it from happening again. Maintaining detailed logs demonstrates to insurers that your organization can effectively trace and attribute cyber threats, which is critical for both mitigating risks and facilitating claims in the event of a breach.
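Logs only pay off when something reads them. As an added example (my own code, not from the original post or from Uplift Cyber), the script below parses constructed OpenSSH-style authentication lines and raises an alert when a successful login follows a burst of failed logins from the same source address within a time window. The log lines, host name, user names, and IP addresses (from the RFC 5737 documentation ranges) are all constructed; the threshold and window are assumptions you would tune to your environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH's syslog format; not real data.
SAMPLE_LOG = """\
Aug 29 10:01:02 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Aug 29 10:01:05 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Aug 29 10:01:09 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Aug 29 10:01:12 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Aug 29 10:01:14 bastion sshd[2201]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Aug 29 10:01:20 bastion sshd[2209]: Accepted password for admin from 203.0.113.7 port 51030 ssh2
Aug 29 10:05:00 bastion sshd[2300]: Failed password for deploy from 198.51.100.4 port 40000 ssh2
Aug 29 10:05:30 bastion sshd[2301]: Accepted publickey for deploy from 198.51.100.4 port 40001 ssh2
Aug 29 11:00:00 bastion sshd[2400]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(line: str, year: int = 2024):
    """Return (timestamp, outcome, user, ip) for an sshd auth line, or None if it is not one.

    Syslog timestamps carry no year, so the caller supplies it (assumed 2024 here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]


def detect_bruteforce_then_success(log_text: str, threshold: int = 5, window_seconds: int = 300) -> list:
    """Alert when a login succeeds after >= `threshold` failures from the same IP within the window."""
    failures = defaultdict(list)  # source ip -> timestamps of recent failed logins
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue  # unrelated line (or unparseable: worth counting in production)
        ts, outcome, user, ip = event
        # Drop failures that have aged out of the sliding window.
        failures[ip] = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
        if outcome == "Failed":
            failures[ip].append(ts)
        elif len(failures[ip]) >= threshold:
            alerts.append({"ip": ip, "user": user, "failures": len(failures[ip]), "at": ts.isoformat()})
            failures[ip].clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(SAMPLE_LOG):
        print("ALERT: success after repeated failures", alert)
```

The same per-source sliding window generalizes to VPN, RDP, and web login logs once the regular expression is swapped for the relevant format; the point for insurers and for forensics alike is that the raw lines exist to be queried after the fact.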


6. A Password Manager/Vault and Adoption of Least Privilege Access

I previously mentioned MFA, which is highly effective for account protection purposes. A password vault is an additional layer of protection that allows you to create extraordinarily complex passwords for individual accounts, all protected by a master password and MFA. The adoption of a password manager or vault helps ensure that passwords are strong, unique, and securely stored, reducing the risk of password-related breaches. Couple this with the principle of least privilege, which ensures that individuals have only the access necessary to perform their job functions. Better still, a PAM solution for the privileged accounts offers much, much greater security. Please contact me for more information on using PAMs.


Conclusion

Understanding and implementing these key cybersecurity practices not only enhances your organization’s security posture but also positions you more favorably in the eyes of cyber insurers. While these are the principal areas of focus, continuous improvement and adaptation to emerging threats and technologies remain crucial. Investing in these areas demonstrates a mature approach to cybersecurity, which is essential for securing comprehensive and cost-effective cyber insurance coverage.



Stephen Dye is the Principal at Uplift Cyber, a cyber security consulting practice, dedicated to ransomware protection advisory, uplifting the cyber security of businesses, and software assurance. He just published the book: Managed Detection and Response Services: A Cyber Stakeholders Guide available on Amazon.



Copyright 2024 Uplift Cyber
