Friday, September 01, 2023

Insights On Cybersecurity Insurance Every Business Should Know And Apply


Cybersecurity insurance can be a wise investment for businesses of any size seeking to protect against the financial consequences of a cyberattack or data breach.

Despite the complexities and costs of acquiring cyber insurance, it is still one of the best investments for mitigating the financial impact of a cyber incident – especially for small- and medium-sized businesses, which may not have the resources to cover the costs of a major cyberattack. Cyber insurance can also provide coverage for business interruption, a major concern for companies that rely on technology to conduct their operations.  

Be aware though that pricier premiums for cybersecurity insurance is an unfortunate consequence of the rising number of costly data breaches, ransomware, and other security attacks. Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council for Insurance Agents and Brokers. According to Check Point Research, there was a 38% increase in global attacks in 2022 compared with 2021, accompanied by rising costs for insurers defending and settling cyber claims. IBM's "Cost of a Data Breach Report 2023" (registration required) showed 83% of organizations experienced more than one data breach, while the average cost of a data breach reached $9.44 million in the United States and $4.25 million globally. Also, governments around the world are enacting stricter regulations to protect personal information and sensitive data, resulting in higher limits of liability, a broader definition of loss (reputation recovery, financial recovery, more detailed reporting requirements, etc.), and regular audits and assessments to ensure companies are adhering to enhanced privacy measures.



With stricter requirements, companies will need to be proactive in assessing their insurance needs, weighing the costs and benefits, and working with insurers to ensure they have the right coverage in place.  

Whether cyber insurance is necessary for your business depends on several factors, including the size of your business, the types of data you collect and store, and the potential impact of a data breach or cyberattack. If your business stores sensitive customer information, handles financial transactions, or relies on technology for daily operations, it’s particularly vulnerable to cyber threats. In such cases, cyber insurance can provide critical protection against financial losses, reputational damage, and legal liability in the event of a breach. Large enterprises, and even small businesses, can benefit from cyber insurance, as the cost of a breach could be substantial and possibly devastating for a business, regardless of its size. By purchasing cyber insurance, you can transfer some financial risk associated with cyberattacks to the insurance company.

Cyber insurance is an insurance policy that provides financial protection against losses resulting from cyberattacks, data breaches, and other cyber-related incidents. It may cover costs related to lost income, legal fees, data recovery fees, and the cost of hiring a public relations firm to help with damage control to a company’s brand. Cyber insurance policies typically include coverage for both first party (direct) losses (such as lost revenue or data recovery costs) and third-party losses (such as legal costs and settlement payments). However, insurance companies have now realized that the prevalence of ransomware, and its focus on backup systems, has significantly increased their liability. For this reason, the ability to gain cyber insurance, or maintain it, has changed. 

Of particular note is the reality that Insurance companies have become increasingly careful about underwriting cyber-insurance policies, making it harder for organizations to purchase policies at an affordable price point with the coverage level needed. It's not difficult to figure out why insurers are hesitant — cyberattacks continue to increase while losses may exceed what the insurance market is able to absorb. For example, higher loss ratios for cyber insurance in 2020 and 2021 resulted in higher premiums in 2022 to manage that risk.  Going forward from 2023 and beyond this pattern will likely continue.

It's not surprising that insurers themselves are now proponents of more effective cyber-risk management for policy holders. Expect to see underwriters do the following:

  • Deny coverage if you don't have bare-minimum controls in place. This may include raising the bar for minimum controls. For example, traditional multifactor authentication (MFA) may not be accepted as a strong enough control due to man-in-the-middle (MitM) attacks.
  • Tie premiums to the maturity of your security controls.
  • Include additional conditions and limitations on policies based on the security posture of policyholders and the controls in place when an incident occurs.
While many organizations see cyber insurance as a vital tool for managing cyber-risk, insurers are putting stricter coverage policies in place and increasingly denying claims. As organizations face heightened scrutiny and undergo tighter underwriting processes, it's important to be able to show that your organization is worthy of cyber-insurance coverage.

So just what should organizations implement in order to satisfy the changing requirements of cyber-insurance underwriters. A good place to start is with these 10 controls to manage cyber-risk:

  1. Use invisible/phishing-resistant MFA and move to a passwordless solution.
  2. Segment and segregate networks.
  3. Adopt a robust data backup strategy.
  4. Disable administrative privileges on endpoints.
  5. Conduct regular employee security awareness training.
  6. Deploy endpoint detection and response (EDR) and anti-malware solutions.
  7. Implement Sender Policy Framework (SPF) to prevent email spoofing and phishing attempts.
  8. Create a security operation center (SOC) that operates 24/7.
  9. Deploy a security information event management (SIEM) platform to enable threat detection, incident response, and compliance management.
  10. Implement robust security measures for service accounts within Active Directory (AD) environments.

These 10 controls are a great starting point. But keep in mind it's likely there are many more factors underwriters will evaluate as they review new policy applications (AND renewals). It's a safe bet that underwriters will get more sophisticated about their requirements for identity protection, authentication mechanisms, access controls, and identity management processes to minimize the likelihood and potential impact of a data breach. 

Also, many cyber-insurance policies require organizations to comply with specific regulations related to data protection and privacy where they apply (think HIPAA, FISMA, and GLBA as examples). Demonstrating compliance with these regulations increases your likelihood of qualifying for coverage, possibly leading to more favorable policy terms as well. Compliance can also demonstrate your commitment to securing identities and personal information, which can positively influence insurance underwriting decisions, coverage terms, and premiums.

For starters, as an organization considering cybersecurity insurance it's important that you have a conversation focusing on these two simple questions:

1.  Are you applying for a new policy, or do you have an existing policy coming up for renewal?

2.  What are the requirements you're being asked to fulfill by the insurance provider for a new policy? If renewing, is the insurance provider asking you to fulfill more requirements in order to renew your policy and what are they?

This conversation will lead you to discovery of what actions need to be taken and formulation of a plan to address them.

Here’s a case study of what happened recently when one company followed this approach ... with a little help along the way: 

Situation: The company's policy was coming up for renewal in a few months and their provider required them to fulfill 12 attestations to renew and keep their policy down.

Challenge: The company called all the top service providers for backups, security awareness training, multi-factor authentication (MFA), endpoint detection and response (EDR), and more. They received quotes totaling $50,000 in monthly reoccurring fees across 12 different providers.

Solution: Instead of going to multiple providers directly, the company was able to fulfill all of those requirements with just a few best-of-breed providers by using the FREE design and sourcing assistance from FreedomFire Communications, bringing the total fees down to approximately $15,000 per month. That’s $420,000 in annual savings that the company was able to realize with the FREE help from FreedomFire Communications.


There’s no arguing cyber insurance is a necessary part of doing business in the world we live in today. The good news is that companies are taking note of the costly implication of cyber incidents and beefing up their security budgets. However, companies can (and should) still be fiscally smart about their cybersecurity spending.  To do so it is strongly encouraged to take advantage of the FREE services available through FreedomFire Communications including supplier recommendations, as well as detailed action plans in order of priority – making it easy to guide your organization through a scalable roadmap without overwhelming them.


By taking the actions discussed here, and having a comprehensive cybersecurity strategy in place that includes a strong cybersecurity insurance policy, you can better protect your business against cyberattacks and ensure that you’re prepared in the event of a breach.



Labels: , , , , , , , , ,

Friday, January 29, 2021

LASTPASS AT A GLANCE

 

CURRENT SECURITY LANDSCAPE

You can now stop wasting time writing down, remembering, and resetting passwords. With LastPass, one master password rules them all and keeps the rest locked up in a secure vault. Today over 17.8 million people use LastPass, and four out of five professionals choose it.

One of the main drivers of teams adopting an IDaaS solution is cybersecurity.  With a forty percent increase in targeted phishing or cyber scams in the past month, it is clear cybersecurity is as important or, if not more important than ever. Eighty percent of data breaches involve weak, reused, or stolen credentials. The average total cost of a data breach ends up tallying at around $3.9 million. There is now an urgency in the market to mitigate the risk of a cyberattack by controlling access and managing passwords.  The truth is that minimizing the risk of data breaches involving weak, reused, or stolen credentials is not simple. With the average employee keeping track of 191 passwords and actively using thirty-six cloud services, it is impossible for employees to manage all these passwords securely without help. Also, IT may not even know about all the applications that their employees use. IDaaS solutions help to mitigate the risks of a cyberattack by ensuring the right users can access the right tools, at the right time, for the right reason, and takes the burden off the end-user.

Companies are solving these identity security challenges by deploying single sign-on, authentication, and enterprise password management. LastPass offers all three of these technologies allowing them to solve Identity challenges in a holistic fashion that differentiates them from competitors who only offer one or two of these technologies.

ENTERPRISE PASSWORD MANAGEMENT

LastPass provides Enterprise Password Management. EMP solutions capture and store passwords for all your website and application logins. It also generates new, secure passwords. EPM solutions make it easier for employees to have strong password hygiene and use secure passwords without having to remember them.

AUTHENTICATION

When looking at LastPass MFA, the key differentiators are:

  • Biometric authentication factors including face and touch ID
  • Adaptive authentication to flag any abnormal behavior during the employee login process
  • Enable granular control with policies on geofencing, IP address, and access point
  • Security by design where the biometric never leaves the user’s phone
  • Passwordless experience

SINGLE SIGN-ON

LastPass offers Single Sign-On, also known as SSO, with pre-integrated access to over twelve-hundred applications. SSO provides the capability to authenticate once and be subsequently and automatically authenticated when accessing various applications. It also enables employees to use one single, secure password to access all applications and systems approved by IT. Businesses that purchase an SSO solution are likely looking for ways to reduce the time the IT team spends resetting passwords. They want to increase password security within the org, and they want to put greater control and visibility into employee habits in the hands of IT.

LASTPASS PACKAGES

Three core technologies  compose LastPass business offerings. Their packages are sold on an annual-only contract minimum, and they have a 10-seat minimum for their business solutions.

When looking at their first package, LastPass Enterprise, there are a few items that set them apart from the pack.

  • The only industry-leading password manager coupled with a single sign-on application catalog of over 1,200 pre-integrated apps
  • Custom, granular control with over 100+ custom policies (7x more policies than the competition)
  • Built on a zero-knowledge security model
  • Optimal balance of experience & security

To learn more about LastPass and take advantage of a comparison of 100s of other cybersecurity vendors ... including FREE network design and sourcing support ... simply ask at FreedomFire Communications.

Labels: , , , , , , ,

Thursday, April 23, 2020

Blockchain In Cybersecurity...10 Possible Use Cases

While there are no foolproof methods to stymie hackers, there are steps that can be taken to reduce the chances that our devices and information falls into the wrong hands. Considering how the blockchain can help fortify the cyber security industry is one of the most basic steps toward insulating data from the ever-cunning hackers who will stop at nothing to obtain and leverage our most sensitive data against us.
Blockchain in cyber security - Practical use cases
Read this article for valuable insights and practical use illustrations for deploying blockchain in your cybersecurity strategy....

Blockchain In Cybersecurity...10 Possible Use Cases

Labels: , , ,

Friday, February 07, 2020

The How-To....Protect Your Business From A Data Breach

The How-To: Protect Your Business From A Data Breach
Running a business without adequate data security is a massive risk. Crippling data breaches are increasingly common and no business is immune.
Read this article for some practical “how to’s” for protecting YOUR organization from a data breach.
To learn more about all the options available to you for meeting your information security requirements…including comparisons of top tier network security providers and what they have to offer, simply ask us at the following link (FREE). It’s as easy as 1, 2, 3.

Labels: , , ,

Monday, October 28, 2019

How Data Security And Privacy Can Save Corporations Money

Follow these guidelines to protect your organizations data and your network ecosystem. Adhering to these guidelines and insights will not only protect your valuable information as well as the network infrastructure....but will also save you a significant amount of money from the potential consequences of a data breach.
To learn more about all the options available to you for meeting your organization’s data protection and network security requirements.…including customized security assessments plus comparisons of top tier network security providers and what they have to offer, simply ask us at the following link (FREE). It’s as easy as 1, 2, 3.

Labels: , , ,