How to keep your cyber insurer happy

You’re doing all you can to maintain a highly effective cybersecurity program. Still, with 80.7% of organisations compromised by at least one successful attack in 2020, no company can afford to be without cyber insurance. But, like any insurance policy, there are conditions that the insured must follow to keep their cyber insurer happy. With the average cost of a data breach in 2021 reaching $4.24 million, a declined insurance claim is something to be avoided at all costs!  

This post will walk you through the steps you can take to help ensure you’re compliant, avoid costly breaches and keep your premiums down. Please do check the terms of your policy too – cyber insurers will have their own terms and conditions.  

Regularly (and frequently) assess your systems for vulnerabilities

If you don’t have a scanner in place to inspect your systems for potential weaknesses, get one immediately. We recommend Rapid7, Qualys or Tenable. With a scanner in place, you can carry out regular checks of your systems and flag a list of vulnerabilities for you to tackle.  

Unfortunately, for many businesses the list provided can contain hundreds, if not thousands, of issues – too many for a team to get through. That’s why we created RankedRight: to give cybersecurity teams a way of prioritising vulnerabilities so they can tackle what is most critical to their business.  

Having these tools in place to implement fixes for weaknesses in your systems will make your cyber insurer happy.  

Create an incident response plan  

We all fear an attack, but the impact can be eased if you have a plan in place for resolution. We’re prepared a guide on how to do this with the help of MDSec’s Chris Basnett.

Inform your business on how to stay vigilant

If you’re in a business of thousands, you can’t keep an eye out for every suspicious activity; you need your colleagues to do it too.  

Teach them how to be vigilant by giving them clear guidance on what to look out for, and then train them on the steps they must take if they spot something suspicious. There are hundreds of training providers online who will be able to provide compulsory IT security training for your staff in areas such as password use and links from unknown sources.  

Your training should also include who they should alert if they spot something suspicious, and as part of your incident response plan, you should have assigned a Head of Response.  

This behaviour will show your cyber insurer that you have good security governance in place.  

Follow all encryption and data storage best practices  

In terms of data storage, it’s vital that your insurer can see that your data is not being stored all in one place and is instead split across multiple locations. This means that if you are compromised, you don’t lose everything. This is especially important given the recent increase in ransomware – it’s predicted that a business will fall victim to a ransomware attack every 11 seconds in 2021.

And what of backing up data? Having your system backed up effectively can make a massive difference to the impact of a breach. Therefore it’s likely your insurer will require a particular frequency and method of data back-ups. Familiarise yourself with what these are.    

If your data management is outsourced, your protection is only as good as theirs, so ensure they run regular security checks. Given that an estimated two-thirds of breaches result from a supplier or third-party vulnerabilities, it’s wise to ensure your supply chain is also running regular security checks.

Perform frequent penetration testing

A penetration test (or pen test) is a simulated attack on your IT systems to check for exploitable vulnerabilities. This is essentially a great way of staying one step ahead of cybercriminals and should form a core part of your cybersecurity program. If someone is testing your security, it should be you.  

Don’t let remote working be your downfall

Since the Covid-19 pandemic began, the FBI has reported a 300% increase in reported cybercrimes, and remote working has increased the average cost of a data breach by $137,000. Why? To allow your entire workforce to work from home the past 18 months, you’ve amended your remote access technologies, and this, if not done correctly, can make your business a prime target for attack.  

Steps such as multi-factor authentication can help here and will win you brownie points with your insurer. (So much so, if you can apply it to all your business software and emails, the better.)

What’s more, with a return to the office imminent and the potential for recruitment/redundancies, keep on top of remote access solutions that need to be left open (under protection) and which can be closed.  

There you have it. The last thing you want is to be without your cyber insurance when a significant breach occurs, and hopefully, our tips will help you ensure that doesn’t happen. Give your business the best chance of protection by booking a demo of RankedRight today.