Thanks to large-scale ransomware attacks on technology providers like Kaseya, everyone involved — from cybersecurity practitioners to the business leaders who hire them, and from local policymakers to the White House — is thinking about how to reduce risk across the board. As cyber attacks grow in quantity and complexity, hurting downstream customers and interrupting business continuity, organizations need to take the right steps to implement proper security controls.
Before, in-house security teams at organizations were scarcely involved with cyber insurers (if the organization had a cyber insurance policy at all). But in the face of an intensifying threat landscape, policyholders, brokers and insurers are working together to find solutions that benefit everyone involved. This newfound collaboration is enabled by technologies and solutions developed by insurtechs, taking the form of data-driven approaches to underwriting and more efficient implementation of best practices, thanks to up-to-the-moment data on security postures gathered by insurers and shared with brokers and policyholders.
Let’s look at a few of the ways that insurers, brokers and policyholders are working together to improve security.
Giving Policyholders Incentives to Adopt Better Controls
Policyholders should be encouraged to implement better cyber defense. Today, cyber insurers are looking for a new baseline of controls, which commonly includes multi-factor authentication (MFA), endpoint detection and response (EDR) and acceptable backup planning and strategy.
- MFA is an authentication method that requires the user to provide two or more credentials to gain access to an account. Rather than just asking for a username and password, MFA requires one or more additional verification factors unique to the individual, which decreases the likelihood of a successful cyber attack. Insurers want to see MFA for access to email, remote access to the network and administrator-level access, as it will help thwart or at least slow down an attacker. While a determined threat actor may find a way around MFA, a company without MFA in use is low-hanging fruit.
- Assuming a skilled threat actor does find a way in, EDR tools can provide an extra layer of threat identification and protection. They have all the benefits of regular antivirus software but go beyond just looking for known indicators of compromise. EDR tools can also identify anomalous user behavior on the endpoint and flag it as suspicious. And if implemented properly, the tools can potentially prevent ransomware from deploying fully. These tools may also have important activity data that forensics investigators can use to determine what the threat actor did in the system and data recovery functions that help a company get back up and running faster. Insurers are increasingly asking about EDR as a control, given it can at least lessen the impact of ransomware incidents.
- In connection with efficient data recovery, solid backup strategy and documentation of a disaster recovery or business continuity plan will help provide peace of mind to policyholders that they are prepared for the worst-case scenario. Security protocols that include immutable backups (a backup that is read-only and cannot be altered or deleted by anyone, including an administrator at the company) are often supported by top-tier cloud backup solutions, marking another important consideration for policyholder investments. Gone are the days where backing up to a separate server is sufficient. Many organizations are moving their backup solutions to the cloud or adopting a hybrid model for this very reason — but it’s how you protect those cloud backups that is key. Organizations need to invest in a solution that will prevent internal members from making changes to backups, because a threat actor that steals their credentials will attempt to access and delete backups as a way to force an organization’s hand at paying.
To fully harness the power of these protective tools, there are two main ways to encourage policyholder usage: fair pricing and education. The cost of cloud backup solutions and EDR tools has come down significantly in recent years, meaning these tools are no longer cost-prohibitive for most companies. For insurers, providing additional discounts on top of already reasonable pricing can be what pushes an organization over to compliance. The greater challenge is in prioritizing what controls to implement and identifying the right vendor (there’s a lot of noise out there!). This is where education can be key and where cyber insurers and brokers can step in to recommend solid partners and solutions.
See also: How Insurtech Boosts Cyber Risk
Enable Underwriters With Tech for Increased Visibility
Cyber underwriters have traditionally relied on application questions, emails and underwriting calls for larger accounts to obtain cybersecurity information to underwrite an account. Insurtech in cyber insurance empowers underwriters with additional data points about a risk’s posture so they can take a data-driven approach to underwriting.
The ability to scan for threats, and identify risk levels based on existing data, enables underwriters to identify vulnerabilities and build a more meaningful analysis. While there’s no tech-enabled replacement for an experienced underwriter, being able to gain insight into an organization’s IT infrastructure to discover common risk factors (some they may not even be aware of) can streamline the process. The applicant is able to mitigate risk and improve cyber hygiene, which gives the underwriter the additional confidence to move forward.
In the end, thanks to tech-enabled underwriting, the result is an insured organization. Given the current risk environment and hard market for cyber insurance, we can confidently say that, without the ability to pinpoint risk factors at an individual account level, far more insurers and their underwriters would have further clamped down on cyber limits, increased rates and perhaps exited the market entirely — meaning insurance would be inaccessible for most, if available at all.
Standardize a Threat Response
Cyber insurers and brokers can work with existing policyholders to identify new, active threats during the policy term and support them in their response.
Once a policyholder is identified as at-risk, tech-enabled cyber insurance providers can consistently monitor the situation and communicate clearly, concisely and quickly about what’s happening. As more information becomes available, it is critical to not only alert the right people but provide extra context around the vulnerability, what the risk is if they don’t patch it and the steps needed to resolve it. This should be done in a way so that all types of team members (in addition to IT professionals) can understand the criticality and communicate it to the right stakeholders for resolution.
See also: Wake-Up Call on Ransomware
Another method to support policyholders is to weave in prioritized cybersecurity recommendations. At Corvus, our “vCISO,” or virtual CISO, guidance is one way we help policyholders take a stance against threats. This starts with a short security assessment, and pairing of the responses with scan findings that provide the policyholder with a prioritized list of cybersecurity recommendations and resources to help them implement controls or remediate vulnerabilities. This type of consistent, close collaboration is core to the cybersecurity approach that modern insurtech providers are taking to make an enduring impact on risk, rather than checking off a few boxes at the point of underwriting and renewal.
To boost digital resilience and strengthen cyber hygiene against outside threats, policyholders need to have both the context for why certain security controls are so crucial, as well as the ability to adequately implement them within their organization. Insurers and brokers play a pivotal role in guiding policyholders to make the best decisions to limit their risk, and solutions developed by insurtechs help get the process off the ground with data-backed guidance. As cyber attacks evolve, so will protection strategies — and the sooner companies adopt supporting technologies the easier it will be to get on the same playing field as cybercriminals.
