Security threats continue to escalate. From advanced hacks engineered by nation-state actors to more prosaic attacks using “as-a-service” malware, organizations face a constant barrage of threats to their IT infrastructure and data.
Hackers continue to shift their strategies as they find new vulnerabilities.
However, organizations will need to do their due diligence if they are purchasing insurance for the first time in 2022. The increasing frequency and severity of cyberattacks over the past two years have triggered significant changes to the marketplace.
Following a record year for cybercrime — Forbes estimates it cost global economies over $6 trillion in 2021 — cyber insurance policies are becoming increasingly expensive and more difficult to obtain. Forced to pay out more and larger claims, insurers are hiking premiums while also requiring organizations to meet higher security benchmarks to qualify for coverage.
Making Your Case
The Council of Insurance Agents & Brokers reports that premiums are up as much as 80 percent from last year. Insurers are also changing the terms of their coverage in other ways, such as raising deductibles, reducing coverage limits and being more selective about whom they will cover.
In fact, most underwriters now require potential clients to provide detailed documentation of their cybersecurity practices. They want to see that potential clients have a robust backup environment, strong access controls and a formal incident response plan. Many also require documentation of specific controls for ransomware, business recovery procedures and regulatory compliance efforts.
Putting such controls in place can be a challenge for small to midsized businesses (SMBs) that lack in-house security expertise and are faced with limited budgets. In a recent study, just 14 percent of SMBs rated their ability to mitigate cyber risk as highly effective — which helps explain why more than half of all cyberattacks target SMBs.
How GDS Can Help
With decades of experience providing technology solutions for SMBs, GDS understands the challenges. That’s why we’ve developed a suite of managed security services that can help organizations demonstrate to insurers that they are taking the necessary precautions. Our services include:
- Incident response planning. We can help you develop a formal incident response plan that outlines specific procedures for detecting and responding to a cyberattack. Such a plan demonstrates a proactive approach to cybersecurity and will make you a good candidate for insurance.
- Vulnerability assessments. Regular network scans, penetration tests and audits help identify any gaps in your security posture and help you prioritize the activities needed to close those gaps.
- Data protection. Regular data backups help reduce the threat of ransomware. The process should include an isolated backup copy that cannot be encrypted, deleted or otherwise modified in any way, even by an administrator. This will ensure you have a clean version of data that is always recoverable.
- Network segmentation. Segmentation breaks up the network into smaller, isolated parts to prevent attacks from spreading throughout the network. It also ensures that authenticated users can access only the network segments, applications and services necessary for their jobs.
- End-user security. The GDS End-User Security Service is a cloud-based solution that protects users and devices on and off the corporate network. The solution continuously scans for malicious content to prevent it from reaching end-users, and actively monitors endpoint devices to detect and mitigate threats.
Despite rising costs and more stringent requirements, cyber insurance is a necessary part of an effective risk management strategy. One way to get a good policy and keep a lid on premiums is to prove to the insurer that you have a good cybersecurity strategy in place. GDS has the tools, resources and expertise to help you make your case. Contact us to learn more.