Cyber insurance may be harder to obtain.
Cyber insurers now require their customers to have specific cybersecurity measures in place – or face non-renewal of their policies as of the first of September.
The cyber insurance market continues to harden from a seemingly endless number of claims due to cybersecurity attacks. While some insurers are exiting the cyber market, others have doubled down on their requirements.
Currently, to be considered for renewal – or to get a quote – an organization must have the following security measures actively deployed:
- Multifactor authentication on email and critical systems access
- Endpoint Detection and Response software on all devices that access the corporate network
- Air-gapped backups – such as imaging stored in the cloud or other off-site locations
Insurance Journal noted a fourth requirement: Dual authentication measures for funds transfer.
The FBI and other cyber experts have long said that enabling multifactor authentication on email systems and other critical functions can halt 90 percent of intrusions. Multifactor authentication adds another step to the access process, one that uses something held only by the authorized account holder. This ranges from a fingerprint or iris match to an authentication code on your phone.
Endpoint Detection and Response is newer software that monitors every device on a network for anomalous behavior. When a problem is detected, the software quarantines it on the device and alerts the user. Some software programs guide the user through remediation steps. The theory behind EDR is to stop malicious code before it spreads throughout a network.
Air-gapped backups mean that one of your backups is physically unconnected to the rest of your backup storage or systems. This stops crooks from encrypting the backups, usually with ransomware, which would prevent an organization from rapidly recovering from an attack.
We also encourage companies to occasionally test their air-gapped backups so they know they can recover – and how long it will take to recover from a backup.
Other requirements vary from insurer to insurer, but all renewals and policies now come with detailed questionnaires about policyholders’ cyber measures, also known as one’s “security posture.” Insurance firms may also run vulnerability scans of prospects’ networks to compare actual security against stated security.
Cyber insurance has become a necessary cost of doing business in the 21st century. And implementing current cybersecurity measures is a part of that cost.