Cyber-Insurance – What you need to know.
We sat down with our Chief Revenue Officer, Shawn Melito, to discuss the current state of cyber insurance.
Q. What are the most critical issues and challenges facing the cyber insurance industry right now?
A. Ransomware is, by far, the most important issue facing cyber insurance right now. Attacks are increasing across all industries, ransom amounts are growing, and the regulatory scrutiny on making the payments is at an all-time high. In September, the United States Department of the Treasury's Office of Foreign Assets Control ("OFAC") issued an updated advisory on the potential risks for anyone facilitating a ransomware payment to a sanctioned entity.
There is a benefit to this, though: everyone involved in handling ransom cases is taking a hard look at whether it is worth the risk to make a payment, even with solid due diligence on the attackers. In fact, one major cyber insurer I spoke to recently, who has tens of thousands of cyber policies in place, said that they hadn't made a ransom payment since April of 2021. And there is more good news. Organizations are improving their cybersecurity posture, which is a necessity at this point; they wouldn't be able to renew their cyber insurance if they didn't. According to a recent Coalition H1 2021 report, this increased security is working: the severity of ransomware attacks is actually decreasing for once.
Q. Why do some organizations turn to cyber insurers and brokers in the event of an attack?
A. Any experienced cyber insurer or broker has developed extensive relationships with several top incident management firms, from cyber lawyers (breach coaches) and forensics firms to PR and communications companies. These experienced companies assist organizations dealing with attacks daily and know exactly what to do to get them up and running again, compliantly and safely, in the shortest time possible.
Q. What steps should organizations take to protect their networks better?
A. There is no one thing. It needs to be a multi-factor approach.
- Have an Incident Response Plan (IRP) in place, practice it with tabletops, and keep it updated.
- Know your PII and IP data, where it is stored, and how it is protected. Only keep data as long as you need it. Know what apps your staff and clients are using. Are they safe?
- Data Security software is not enough. It needs to be correctly deployed, configured, regularly tested, and monitored. If you cannot handle it yourself, outsource it.
- Train your people in good privacy and data security principles. Phishing email training is good, but there is so much more to learn.
- Have a solid vulnerability management program in place, with regular scanning and patching (and immediate patching for critical vulnerabilities). If you cannot handle it in-house, outsource it.
- Multifactor Authentication (MFA or 2FA) is a necessity, especially with the increase of remote work.
- Segment your network, including access: this is vital as attackers move to doxing (or stealing data for extra leverage, as well as encrypting). Hackers will use the easiest route across a system to lock up or steal (or both) as much data as they can.
- Have a regular backup plan in place, and make sure those backups are encrypted and "air-gapped" or offline as well. One of the first things an attacker will do is hunt for backups and either delete them or encrypt them. Test restoring backups regularly on every system.
Q. What do you see as BreachQuest’s role in the cyber insurance market?
A. I think the answer here is twofold. Right now, BreachQuest’s role is to provide top-notch incident response, forensics, and remediation services to the cyber insurance claims market, and we are already doing so for many of the top firms. In six months, once we are ready to release our next-generation incident response management software Priori, we will be seen as a leader in proactively reducing the severity of the inevitable attack. Stay tuned for more on that.