Did you recently receive a renewal application from your Cyber Insurance provider? Did it look a lot different than last year’s application? If you noticed that, you are not alone. Cyber insurance requirements are becoming more difficult to meet.
Most companies looking to renew their Cyber Insurance policy are facing new and stiffer requirements than in previous years. Insurance companies are much more concerned with the hygiene practices of their clients where security is concerned than ever before.
And for good reason. 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis, and a health care data breach reached $9.23M in 2021, a nearly 30% increase over the prior year.[1] These costs are necessarily going to be passed on to consumers; however, insurance companies are now more interested than ever in what their clients are doing to prevent these costly events.
Cyber Insurance Requirements that are becoming more difficult to meet[2]
Below are some minimum cyber security policies and practices that you, as a consumer of cyber security insurance, will be expected to have in place.
Zero-Trust Models
According to the National Institute of Standards and Technology (NIST), “Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.”
Endpoint Detection & Response implemented on all endpoints
Endpoint detection and response (EDR) is a form of endpoint protection that uses data collected from endpoint devices to understand how cyberthreats behave and the ways that organizations respond to cyberthreats.[3]
Multi-Factor Authentication is implemented and required for all remote access
Multi-Factor Authentication (MFA) requires an end user to authenticate using more than one method. In addition to a username and password, users must provide a second identification method. It can be something only they know, something only they have in their possession, or something they are.
Backup Procedures, Offline Backup, or Alternative Backup Solutions
With the advent of ransomware, which renders a customer’s data unusable, the requirement for data backups has garnered much more attention. What used to be a business continuity concern is now a cyber security must-have.
Identity and Access Management for ad-hoc privileges and restricted network access
With hybrid work being more common than ever, employees need secure access to company resources whether they’re working on-site or remotely. This is where identity and access management (IAM) comes in. The organization’s IT department needs a way to control what users can and can’t access so that sensitive data and functions are restricted to only the people and things that need to work with them.[4]
Privileged Access Management to monitor accounts with privileged access
Privileged access management (PAM) is an identity security solution that helps protect organizations against cyberthreats by monitoring, detecting, and preventing unauthorized privileged access to critical resources. PAM works through a combination of people, processes, and technology and gives you visibility into who is using privileged accounts and what they are doing while they are logged in. Limiting the number of users who have access to administrative functions increases system security while additional layers of protection mitigate data breaches by threat actors.[5]
Good Patch Management
Patch management, the practice of applying security updates to operating systems (OS), cannot be an afterthought in today’s threat environment. Bad actors can quickly exploit security vulnerabilities that exist in a computer’s OS. Patch management needs to be regular and automated. The patch management process must also be nimble enough to respond to zero-day threats.
Where can you go to get compliance assistance?
With cyber insurance requirements becoming more difficult to meet, where can companies go to get assistance with meeting these additional requirements? Beyond Impact has assisted its customers with simplifying compliance with all these cyber insurance requirements. Through implementation of its Managed Services, Beyond Impact is enhancing customers’ security posture. Through the deployment of Microsoft security services, including Microsoft Endpoint Management, Azure Virtual Desktop, and Azure Sentinel, our customers are becoming safer. We start with a Risk Assessment Program to diagnose the current security landscape, make recommendations, and proceed with implementation of new security measures.
601 Carlson Parkway, Suite 1050
Minnetonka, MN 55305
612-814-0821
[1] IBM Cost of a Data Breach Report 2021
[2] Cyber Insurance Academy
[3] Malwarebytes
[4] https://www.microsoft.com/en-us/security/business/security-101/what-is-identity-access-management-iam
[5] https://www.microsoft.com/en-us/security/business/security-101/what-is-privileged-access-management-pam