Getting cyberinsurance for your business
A common struggle for businesses is getting affordable cyber insurance. As the industry continues to evolve, additional security controls are required. CGP recently authored an article with Fifthwall Solutions, one of the only cyberinsurance focused wholesalers (i.e. who insurance agencies & agents get your policies from) about the steps your business should be taking to manage cyber risk.
There are 3 aspects of cyberinsurance that drive costs:
You business’ size, industry and amount of data you manage
The controls (ex: a good firewall) you have in place to minimize the chances and scope of an attack (notice we said minimize and not stop! Even the insurers know it is “when not if”)
The recovery costs from an incident (ex: how fast can you identify compromised data, and how fast can you get the business back online)
Below are several key controls that will allow you to get quotes from a majority of cyberinsurers and are an excellent example of the baseline that every company should have.
Multifactor Authentication (MFA)
MFA is the process of requiring another method of authentication after entering your password, such as entering a text code or clicking accept via an app on your cell phone.
“MFA can block over 99.9 percent of account compromise attacks” (Microsoft)
This is one of the best bang for your buck tools for your business. MFA is included for free in many modern softwares and should be setup on anything accessible outside the office.
Next gen antivirus (NGAV) / Endpoint detection & response (EDR)
Every computer should be protected with advanced software to both stop and detect threats. Users’ devices and computers (“endpoints”) are where the vast majority of threats enter your business. EDR is the next evolution of antivirus software, and is substantially more powerful.
Off-site / detached backups
In the event of a breach, data and systems will likely need to be restored from backups. Properly setup backups cannot be accessed from the main network, which means that attackers cannot delete them to force a ransom payment.
Patching & Vulnerability Scanning
New vulnerabilities are found in software every day. Promptly installing patches (i.e. updates) are critical to preventing attacks. Vulnerability scanning looks at your network to find potentially vulnerable software, and frequently identifies missing patches.
Not sure if you can meet these requirements? CGP has in-depth cybersecurity experience and designed our service plans to meet the majority of regulatory requirements, including cyberinsurance requirements such as the above. The experts at Fifthwall work with our team to help you compare against 25+ cyberinsurance carriers. Contact us today to discuss with a CGP partner.