
Amid Surge in Ransomware Attacks, More Organizations Are Being Rejected for Cyber Insurance — What Can Leaders Do?

The confusing process of obtaining and renewing cyber insurance is nothing new to companies and their founders. However, the surge in ransomware attacks and the complex cybersecurity landscape – complicated by the growing adoption of remote work – are giving insurance companies leverage to hike premiums at alarming rates.

Just last quarter, U.S. cyber insurance prices increased 79% from a year earlier, according to Marsh’s Global Insurance Market Index. A recent Forrester survey showed only two in 10 organizations have coverage in excess of $600,000, which was the median ransomware demand amount in 2021. IBM determined the average ransomware attack cost $4.54 million last year, not including the cost of the ransom, and that 83% of organizations have had more than one data breach.

The frequency of attacks is causing insurers to change their cyber policies, including limiting the amount of coverage they provide, because of the cost of payouts. Companies must now be able to prove that they can prevent or endure a cyberattack to qualify for the type of coverage they seek.

With that, here are three strategies to help you find the right coverage, keep costs affordable, and get approved for the coverage you need.

1. Deescalate the top risk: privilege sprawl

Before soliciting cyber insurance quotes, examine several areas of your network security to understand what vulnerabilities exist. Insurers will do just that, so anticipating gaps in your infrastructure, software, and systems will provide you with a clearer idea of what your company needs.

Start with your enterprise network. Who has access and to what degree? Every person who has access to your network provides an attack vector, increasing the possibility of an attacker accessing more data through lateral movement. If an outside agent can gain entry to your network, that person or bot can harvest the most privileged credentials and move between servers and throughout the storage infrastructure while continually exploiting valuable sensitive data. That’s why most insurance audits consider privilege sprawl to be among the top risks. It happens when special rights to a system have been granted to too many people. It impacts the cost of premiums and could even lead to a loss of coverage.

Public cloud assets also present an opportunity for a strike. Is access to that information secure? You can limit exposure to privileged identity-based attacks by protecting accounts held by administrators, those in DevOps, and others with high-level clearance. IBM determined that 45% of all data breaches last year occurred in the cloud.

Remote operations are increasingly becoming the target of attacks, too, especially as more employees work at home. If you embrace a network with zero standing privileges and adopt continuous authentication on remote devices, you can provide better security against cyberattacks.

Remember, your company can undergo a variety of cyber health checks to assess its vulnerability. The findings of those audits can be used to address weaknesses or as part of discussions with insurers. Having too many deficiencies and no plan to address them may make you uninsurable.

2. Lack of incident response plans, their currency and training

Colonial Pipeline quickly paid the $4.4 million demand when it was struck by a ransomware attack last year. CEO Joseph Blount testified before a U.S. Senate committee that his company paid the ransom because it had cyber insurance, but no response plan.

Insurance carriers want to know what kind of backup plan your company has in case of a ransomware attack, especially as they continue to increase the standard for payouts. They’ll ask how often your strategy has been tested, if it has proven successful in recovering data, and whether the information was restored in a timely manner. Companies have still had to pay ransoms because of how long data restoration can take.

Outline a response plan with the support of your leadership team and practice it routinely. Everyone at the company must be involved in the planning and aware of what steps to take during an attack. Insurers like to see that your board of directors and other executives are involved in that plan. By demonstrating preparation and remaining vigilant to prevent lapses, you can achieve lower premiums.

Being resilient is necessary in the cyber world. Being agile and resilient, however, is even better.

3. Align your cybersecurity solutions and protocols to new and emerging attack patterns

Recent cyberattacks have shown that protecting credentials isn’t enough. Cybercriminals know what they’re doing and how to obtain the information they want. Safeguards that may have been successful in the past often no longer work.

Nearly 74% of successful breaches result from privileged identity sprawl, lateral movement, and the failure to properly secure accounts, according to the Verizon Data Breach Investigations Report. That means insurers are more aware of lateral movement attacks, too. Many are looking for organizations to embrace several simple strategies that can reduce cyberattacks.

Zero standing privilege was built on the zero-trust cybersecurity strategy of “never trust, always verify” that was created by John Kindervag. However, 59% of organizations don’t deploy zero-trust cybersecurity architecture, according to IBM.

You can reduce vulnerability by removing administrator accounts from every endpoint, restricting all user accounts from being trusted by default, and explicitly authenticating each user. By adopting just-in-time and just-enough-access policies, you can control when administrators hold top-level privileges, so those privileges are not left standing for attackers to use.
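The following added example (not from the original article) sketches how a team might measure privilege sprawl before an insurance audit: it compares local administrator membership per endpoint against just-in-time grants and reports every admin right that is standing rather than time-bound. The inventory format, host names, account names, and grant records are constructed assumptions, not the output of any particular product.

```python
from datetime import datetime, timezone

# Constructed sample inventory: local Administrators membership per endpoint.
LOCAL_ADMINS = {
    "ws-001": ["alice", "svc-backup"],
    "ws-002": ["alice", "bob"],
    "srv-db1": ["alice", "carol"],
}

# Constructed just-in-time grants: (account, endpoint, expiry in UTC).
JIT_GRANTS = [
    ("carol", "srv-db1", datetime(2024, 5, 1, 14, 0, tzinfo=timezone.utc)),
    ("bob", "ws-002", datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)),
]


def audit_standing_privileges(local_admins, jit_grants, now):
    """Return (account, endpoint, reason) for admin rights with no live JIT grant."""
    latest = {}
    for acct, host, expiry in jit_grants:
        key = (acct, host)
        latest[key] = max(expiry, latest.get(key, expiry))
    findings = []
    for host, accounts in sorted(local_admins.items()):
        for acct in sorted(accounts):
            expiry = latest.get((acct, host))
            if expiry is None:
                findings.append((acct, host, "no grant on record"))
            elif expiry <= now:
                # Edge case: the grant lapsed but membership was never removed.
                findings.append((acct, host, "grant expired, access not revoked"))
    return findings


def sprawl_by_account(findings):
    """Count endpoints per account with standing admin rights, widest first."""
    counts = {}
    for acct, _host, _reason in findings:
        counts[acct] = counts.get(acct, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    findings = audit_standing_privileges(LOCAL_ADMINS, JIT_GRANTS, now)
    for acct, host, reason in findings:
        print(f"{host}: {acct} ({reason})")
    for acct, count in sprawl_by_account(findings).items():
        print(f"{acct}: standing admin on {count} endpoint(s)")
```

Accounts at the top of the sprawl count are the ones whose compromise would enable the widest lateral movement, so they are the first candidates for removal or conversion to time-bound access.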

As cyberattacks evolve, so, too, must your company’s ability to remain alert and protect your data.

Cyber insurance coverage is just one step against threats

Overall, insurers will scrutinize your processes and use your approach to cybersecurity to determine whether your company is a risk. Merely having cyber insurance isn’t the only security measure your company should take.

If your renewal is dropped, other insurers will want to know why that happened and how you’re addressing those deficiencies. Maintaining strong relationships with brokers can help you find comfort with the policy you seek.


Cyberattacks are becoming more frequent. They’re also getting more costly as companies pay to recover their data, return to normal operations, and try to repair the damage done to their brand. Every attack that occurs should serve as a reminder that obtaining the right level of cyber insurance coverage is another proactive step to take to bolster your cyber resilience, remain safe and lower costs.