Cybersecurity is a critical issue that’s top of mind for many companies. ThoughtLab, an organization that combines visionary thought leadership with rigorous analysis, conducted a 2022 cybersecurity survey that found, among other things, that the pandemic amplified cybersecurity risks and breaches.
ThoughtLab’s survey uncovered the following:
- The number of cyberattacks and data breaches increased by 15.1% from 2020 to 2021.
- Cybercriminals can penetrate 93% of company networks.
- Credential compromise is the main way that cybercriminals get into networks (71%).
Cyber Insurance is critical for companies to protect themselves—and their data—from potentially devastating cybersecurity breaches. Cyber Insurance covers an organization’s losses from a cyberattack or data breach, such as cyber criminals stealing customers’ Social Security numbers, credit card numbers, bank account information, and/or health records.
Additionally, Cyber Insurance protects companies from the cost of IT infrastructure attacks. IT infrastructure is the interconnected hardware and software a company uses to run its daily operations and business, from servers and data storage to operating systems and the network that connects them to the internet. If that infrastructure is breached by a cyber criminal, the results can be catastrophic for the business.
As cyber crimes continue increasing in frequency and severity, many Cyber Insurance carriers are requiring companies to adhere to specific security control requirements to better mitigate their risk exposure. Our Professional Lines experts have outlined 11 actionable steps that your commercial clients should take to prepare for their cyber insurance renewals and ensure they are getting the best coverage at the best rate:
1. Enable multi-factor authentication (MFA) for all logins. Passwords alone won’t protect a business’s network, so organizations must require additional forms of authentication to mitigate their risk. MFA is an effective way to reduce risks across a company and should be enabled for email, virtual private networks (VPN), critical system access, and remote access. As a general rule, organizations should audit their MFA implementation regularly. Cybercriminals look for any network vulnerabilities, including any openings not protected by MFA.
2. Create, test, and update an incident response plan. If a company experiences a cyberattack, it will need to act immediately to minimize damage and repercussions. Organizations should create an incident response plan outlining how they’ll identify, respond to, and recover from a cyberattack or data breach. Ensure all critical departments and people are involved in developing the plan, including the proper representatives from IT, legal, HR, and PR. Practice the incident response plan regularly, using different scenarios. Review and update the plan frequently to ensure all information is current.
3. Tighten up on access control. Stolen credentials are the most common way (71%) to breach a network, and one way to prevent this is by implementing strong Identity and Access Management (IAM) controls. IAM is a framework of business processes and technologies that allows IT managers to manage electronic or digital identities. With this framework in place, organizations have better control over which users have access to critical information. This improves online security and enables organizations to identify attempted infiltration more quickly.
It’s also important to limit users’ access to only the information that’s required for them to do their jobs. If an employee has more access than they need and a cybercriminal steals that employee’s credentials, the criminal will instantly have greater network access and could potentially cause more damage. Adjust permissions when employees’ roles change, and remove access completely once employees leave the organization.
4. Implement VPN security. A virtual private network (VPN) ensures that employees can securely access their company’s network while not in the office. It allows employees to work remotely—from home, at a hotel, in an airport—while preventing unauthorized people from “eavesdropping” on information, lowering the risk of security breaches. A VPN sends traffic securely by establishing an encrypted connection across the internet for data to flow through. Data from employees’ devices (e.g., their computer, tablet, or smartphone) travels through this connection to the company’s network.
5. Retire legacy devices and software (or implement additional controls). Cybercriminals often target older systems, thinking that security issues are no longer being addressed or closely monitored. Many organizations still use legacy operating systems—like Windows 2003, XP, and Server 2008 R2, for example—which increases vulnerabilities because security patches are no longer being released for these systems. If businesses are using older systems, they must implement additional controls to restrict access and monitor for suspicious behaviors.
6. Install advanced endpoint detection and response (EDR) solutions. All endpoints and servers should have EDR solutions to help prevent malicious activities. EDR solutions use various data analytics techniques to detect and contain suspicious behavior, investigate cybersecurity incidents, and provide remediation guidance to restore affected systems.
7. Improve log management. Logs are the files detailing events that occur within a company’s systems and networks, including servers, firewalls, and other IT equipment. They’re like a computer’s historical record, documenting every action or change within the system. Log management centralizes all the log data into a single location for more effective security monitoring and comprehensive auditing, allowing companies to more quickly identify deviations from expected activity and increase visibility around security issues. Be sure to configure logs for proper storage, and double-check that storage capacity is sufficient to retain these logs for at least 90 days.
8. Implement a patch management program. A software patch is a quick fix to resolve functionality issues, improve security, or add new features. Your clients’ companies should have a patching program that manages software updates, resolves problems promptly and effectively, and identifies risks and exposures. Common areas that need patches include operating systems, applications, and embedded systems, such as network equipment. After a piece of software is released, if a vulnerability is found, a patch can be used to fix the issue, decreasing security risks to a company’s network.
9. Have (and test) backup systems. Companies must review and test their recovery capabilities often. They need offline backup systems in case of ransomware attacks, data corruption, data loss, and other malicious events. Backups should be encrypted and stored in an air-gapped environment, one in which the computer or network holding the backups is physically isolated from all other systems, including unsecured networks such as the public internet. This isolation helps protect the backup data from criminals who want to access or alter the files. Test the backups regularly with spot-checks and full restoration events.
10. Provide security training for employees. All employees should be trained to understand the threat of cybercrimes and the potentially huge ramifications from a cyberattack. Make sure employees understand the importance of strong passwords and know what to do (and not do) in a variety of situations. For instance, they should never open an attachment from an unknown sender, share their passwords, or leave their company computer unattended in a public place. Let employees know the proper protocols for reporting concerns and suspicious cyber behaviors.
11. Create separate IT and cybersecurity roles. Your clients’ companies should have separate IT and cybersecurity roles, where the IT teams can focus on keeping the technology running smoothly and the cybersecurity experts can scan for suspicious activity, protect the cyber environment, and keep up with the ever-changing cyber threat landscape.
With the premium increases and stricter security controls being placed on Cyber Insurance accounts by carriers, it’s never been more important to place your trust in a specialized wholesaler. Jencap has the broad market access and Professional Lines expertise to ensure your clients are properly covered. Contact us today to learn more.