Imagine a business owner facing the aftermath of a devastating fire, their physical assets destroyed and their operations halted. Cyber insurance acts as a safety net, providing financial protection against the unforeseen consequences of cyber attacks. And just as insurance protects businesses from physical disasters, cyber insurance safeguards against financial losses and reputational damage caused by data breaches, ransomware attacks, and other cyber threats.
Investing In Cyber Insurance
Small businesses need to carefully evaluate their cyber insurance options while considering the level of coverage, exclusions, and potential deductibles. By investing in cyber insurance, small companies can mitigate the financial impact of cyber attacks and ensure their continued operations.
Five "Must Have" Security Controls To Be Considered Insurable:
These are the minimums insurance companies want to see:
Multi-Factor Authentication (MFA): You probably have seen this before. This method requires a user to provide two or more verification steps to gain access to an application login, online account, or a VPN (virtual private network you use from home to connect to work). Simply put, MFA is a baseline, bare minimum, requirement for today's cyber carriers.
Segregated Backups (Stored in a separate location): In a world where ransomware is around every corner, backups are only as good as where they're stored. If backups are not separate, either physically or in the cloud, a ransomware event could very likely encrypt those backups, making them useless.
Endpoint Detection & Response (EDR) & Next-Generation Antivirus (NGAV): EDR is software that is on a constant lookout for suspicious behavior and, if any is found, raises an alert. This is one of Port Haven's flagship products, and we provide it at a special rate for your small business. To use your work computers as endpoint examples, endpoint detection looks at every computer; if it detects anything unusual, it rings the alarm. While EDR in itself is a vital security tool, more carriers are now also looking for Managed Detection & Response (MDR) as an add-on to EDR. MDR is a 24/7 team of dedicated staff that investigates any alerts immediately.
NGAV goes hand-in-hand with EDR. Traditional antivirus looks for viruses that are already known and cataloged. Next-Generation Antivirus (NGAV) goes one step further. It uses a combination of artificial intelligence, behavioral detection, and machine learning algorithms so that known and unknown threats can be anticipated and immediately prevented. This isn't your parents' McAfee Antivirus from the 90s.
Patching & Vulnerability Management: With new vulnerabilities coming out daily, patching critical issues in less than 30 days is a must. Regular vulnerability scanning is a critical part of patching, as businesses can't protect against what they don't know about.
Cybersecurity Training for Employees: Cybersecurity Training is not a "nice-to-have" company policy anymore. Cybersecurity Training is often required for all users on your network to learn how to spot phishing emails and other threats that bypass security tools.
A Little History
Let's go back to early 1997 when the first cyber insurance policies were being written. More and more companies were conducting business online and hackers harvested with glee in this new frontier. Without any historical data to create proper actuarial tables, it was difficult for insurance companies to properly price cyber insurance products and to account for the looming possibility of a large-scale cyber attack.
The insurance industry was blindsided by the initial claims. Cyber attacks were growing at an incredible rate. The industry had to catch up with more restrictions and compliance requirements. By 2014 we witnessed the retail industry getting breached. In 2015, it was the healthcare attacks. By 2020, with the pandemic and the remote work-from-home policy, cyber attacks grew 300%. Cyber insurance has become as common as auto insurance or business liability policies.
Investing in cyber insurance goes beyond mere financial protection. It fosters a proactive approach to cybersecurity, often requiring businesses to implement basic security measures to qualify for coverage. This includes, as mentioned above, password management, employee training, and system updates, strengthening your overall cybersecurity posture.
With a growing number of insurers offering cyber insurance, navigating the options can be overwhelming.
Here are some key factors to consider when choosing a policy:
Coverage needs: Analyze your business's data assets, online operations, and potential vulnerabilities to determine the appropriate level of coverage.
Deductibles and exclusions: Understand the deductible you'll be responsible for and any exclusions in the policy.
Reputation and track record: Research the insurance company's experience handling cyber claims and overall customer service.
Cybersecurity cannot be an afterthought in today's digital world. For small companies, cyber insurance represents a wise investment, a safety net that can be the difference between weathering a cyber storm and succumbing to its devastating consequences.
Being prepared is essential to survival. So, arm your business with the tools it needs to thrive in the face of digital threats and embrace cyber insurance as part of your virtual shield.