Page 50 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Not only has the rash of ransomware attacks sent cyber insurance premiums soaring, it’s also affected
the coverage that some insurers are willing to offer. In May, French insurance giant AXA announced it
would no longer write policies that reimburse ransomware victims – and was immediately hit with a
retaliatory ransomware attack – while other insurers are declining to take on new clients, or capping their
coverage at about half of what they used to offer.



How can you lower the cost of your cyber insurance policy?


A wide range of factors can impact your cyber insurance premium, including the size of your business
and its annual revenue, the industry you operate in, and the type of data you have access to.

But in much the same way that a high-risk driver will have to pay more for car insurance, the Howden
report found that insurers are demanding more from businesses’ cybersecurity, and will charge
organisations that are more likely to fall victim to a breach a higher premium – or refuse to insure them
altogether.

This is in line with a recent letter from the Insurance Council of Australia to the Department of Home
Affairs, in which the Insurance Council wrote: “Insurance underwriters place a strong focus on a
customer’s risk management and security culture when reviewing, assessing and pricing the risk.
Effective risk management, including a strong internal security culture, can be the most effective defence
against threats.”

This might seem like a no-brainer, but it hasn’t always been this way. In the past, insurers might have
just asked potential clients to fill out a questionnaire about their cybersecurity practices, and taken them
at their word that their house was in order.

In today’s environment, however, these insurers are partnering with outside firms to vet potential clients’
cybersecurity protocols, and demanding to see evidence that they have appropriate controls in place and
are following best practices, including using multi-factor authentication, implementing zero trust policies,
and backing up and encrypting their data.

For instance, the IBM and Ponemon report on the cost of data breaches found that organisations using
high standard encryption – at least 256-bit AES, at rest and in transit – had an average breach cost that was
29.4 per cent lower than organisations using low standard or no encryption. Insurers, who are likely to
be aware of that data, might then offer broader cover and better pricing to organisations that can
demonstrate they’re using strong encryption technology.

Companies that take a proactive approach by providing cyber security education for all employees,
including advice on how to identify suspicious emails and requests, are also likely to be looked upon
favourably by insurers.


“Carriers… are demanding extremely high cyber security standards,” says Shay Simkin, Global Head of
Cyber at Howden.









