Introduction
Key Takeaways
Picture this: your company falls victim to a cyber-attack, resulting in loss of revenue and significant operational downtime. Do you know what your next steps should be?
This is where cyber insurance comes into play, offering businesses the support they need to recover and move forward after a breach. However, obtaining cyber insurance requires careful preparation and, as an MSP, it's crucial to understand the process and the minimum standards needed to apply for insurance and receive coverage.
In a recent webinar, we heard from the experts themselves, Reid Wellock, FifthWall Solution’s President, and Wes Spencer, a Board Advisor for FifthWall, on the necessary measures to get you and your clients approved for cyber insurance and support your cybersecurity program from all angles.
The Current State of Cyber Insurance
For businesses today, it’s not a matter of if an attack will happen, but rather when, making cyber insurance a vital part of any comprehensive cybersecurity strategy. By being prepared and shoring up your defenses, MSPs can protect their businesses and their clients’ businesses, and help them operate smoothly.
But as risks have multiplied, so has the price of insurance.
Until now, carriers have been reacting to the surge in ransomware attacks and the subsequent rise in payouts, rather than operating proactively. This strategy then changes the cost and requirements for organizations looking to purchase cyber insurance because the insurance companies look to new policies to compensate for their past payouts.
But carriers, as they do, prioritize profitability and self-protection. So, in order to take a more proactive approach, they now require companies to improve their cyber defenses, in the hopes doing so will result in fewer breaches and payouts.
Complying with minimum data security standards has thus become essential for obtaining cyber insurance. Insurers need assurance that businesses are adequately protected against breaches, shielding them from making excessive payouts to underprepared organizations. , cyber resilience becomes the cornerstone for businesses, with cyber insurance acting as a support system to ensure operational continuity even in the face of inevitable cyber threats.
Five Must-Have Controls for Cyber Insurance Approval
To improve the chances of obtaining an adequate insurance policy with the best rates, there are five must-have controls all organizations need to implement:
- Multi-Factor Authentication (MFA) - Implement MFA across all remote access points, from the CEO down to every employee.
- Segregated Backups - Store backups off the network or in the cloud and ensure they are "immutable," thus preventing unauthorized or accidental deletion.
- Endpoint Detection and Response (EDR) and Next-Gen Anti-Virus (NGAV) - Utilize platforms that monitor user behavior. According to Wellock, some carriers also now require 24/7 overwatch-managed EDR, meaning there must always be someone supervising the security.
- Patching and Vulnerability Management - Establish a process and policy for addressing vulnerabilities, with a focus on timely fixes (within 30 days) and regular reviews.
- Cybersecurity Employee Training - Conduct training sessions at least once a year, although most carriers prefer training twice a year or more.
While these five controls are the minimum eligibility criteria, striving to exceed them can help your application's chances and potentially lower the insurance cost.
To qualify for the best and most affordable coverage, companies must have robust methods in place for proactively identifying, protecting, and detecting breaches. By meeting and surpassing the minimum standards, businesses can not only secure affordable cyber insurance but also enhance their overall cybersecurity posture, ensuring greater resilience and preparedness.
Cyber insurance exists as a crucial safety net, but the first line of defense lies within the measures taken to prevent incidents in the first place – and this is what insurers are looking for.
Watch the full webinar here.