Cyber attacks are becoming more sophisticated and destructive, especially for small and medium enterprises (SMEs). With rising ransom demands and rising data breaches, companies are investing heavily in building their cyber defenses. However, cyber security is not bulletproof. Purchasing a cyber risk insurance program can help outsource residual risk, and the application of multifactor authentication is a prerequisite not only for obtaining coverage but also for reducing premiums.
Cyber attacks are becoming an existential problem
During 2021, public and private organizations felt the significant impacts of ever-changing cyber threats. Ransomware dominated the 2021 threat environment. The targeted nature of the attack combined with the growing sophistication of cybercriminals has resulted in huge losses for organizations around the world. The threat will increase as ransomware-as-a-service expands its scope and reach.
In the first six months of 2021, the U.S. Treasury Department’s Financial Crimes Network reported that the value of suspicious ransomware-related activities was $ 590 million compared to $ 421 million for the entire 2020. To see also : Phishing Scams are the Most Common Cyber Attack, Says FBI. Meanwhile, the National Cyber Security Center The United Kingdom (NCSC) reported that in just the first four months of 2021, it handled the same number of ransomware incidents as the whole of 2020 – three times the number the NCSC faced in 2019.
According to IBM’s 2021 Data Breach Cost Report, the average cost of a ransomware burglary rose to $ 4.62 million, while the total cost of data breach increased by 10% from 2020 to 2021. Costs relate to four groups of activities related to data breaches: detection and escalation, notification, job loss, and post-breach response. Lost work represents the largest share of the cost of violations (38%).
As cybercriminals mature and improve their tactics, SMEs become most vulnerable because they lack the capacity – staff, technology, budget – to build a strong cyber defense. Small and medium-sized enterprises can quickly become the fruit of criminals who want to target larger enterprises through complex supply chains. If you add a growing regulatory landscape with extensive security and privacy requirements, you can understand why cyber insurance coverage is an existential issue for SMEs.
Why should you get cyber insurance coverage?
As companies become more digital, they are exposed to greater cyber risks. Cyber insurance could mitigate the resulting business impact if technology becomes unavailable due to a cyber incident. See the article : Tech-Governance: MoS Rajeev Chandrashekar speaks on Open Internet, Cyber Security & more. Even if investing in building cybersecurity controls is necessary, these controls are not impenetrable. Cyber-attacks are a question of when, not whether, so cyber insurance is becoming key to ensuring business continuity.
Compliance is another critical reason for getting cyber insurance. Strictly regulated industries such as health and finance are no longer the only ones facing the risk of being penalized for cybersecurity and privacy breaches. All companies are subject to state data breach laws for the collection, processing and storage of personal data. Cyber insurance can help cover the costs of complying with state, federal, and international laws, as well as cover regulatory and penalties.
All in all, cyber insurance coverage is a demonstration of due diligence. Since cyber security is a top priority for many executives, cyber risk insurance is top notch for a diligent board.
What are the critical security requirements for cyber insurance?
When you contact a cyber insurer to discuss the potential of getting insurance, they will first assess your current cyber security position. If your behavior is considered too risky, you will probably be denied insurance. Read also : Anderson University Cybersecurity Center Open to Businesses. Insurers want to help you mitigate residual risk, but they also want to secure their investment.
During their assessments, they are looking for four critical security requirements, the lack of which does not allow for further discussion, says Nikos Georgopoulos, a cyber and privacy risk advisor at Cromar. These four critical prerequisites are:
Back up critical data regularly to an “offline” location that would not be affected by a security incident in your business environment. Test to make sure these backups are backup.Use Multifactor Authentication (MFA) for all your services and applications – cloud-based and local – and for all your employees, not just privileged accounts.Do not allow remote access to a corporate network without virtual private network (VPN).Provide regular and at least once a year cyber security awareness trainingincluding anti-phishing, to all individuals who have access to your organization’s network or confidential / personal information.
The importance of multifactor authentication
“MFA is one of the most important cybersecurity practices to reduce the risk of intrusion – according to industry research, users who enable MFA are up to 99 percent less likely to have their accounts compromised,” the joint CISA-FBI council said.
In fact, multifactor authentication is recommended or required by several regulations, including:
President Biden’s Executive Order to Improve National Cyber Security Office of Management and Budget (OMB) Memorandum on Moving the U.S. Government to the Principles of Zero Confidence Cyber Security ENISA Guidelines for Strengthening Your Organization’s Cyber Resilience
Therefore, it is not surprising that MFA is a prerequisite for obtaining cyber insurance. Even if the company has met all the other requirements, it will have difficulty obtaining insurance if it has not applied the MFA. “There is no MFA, no cyber insurance,” notes Nikos Georgopoulos.
Cyber insurance is a tool that can help SMEs become cyber resilient. However, before they even start talking to an insurer, it is important that companies do their part and invest in basic cyber hygiene controls, including multifactor authentication.
Comments are closed.