As global cybercrime grows more sophisticated and widespread, cyber insurance is growing more popular among organizations of all sizes.
There's a catch: many insurers won't underwrite a policy unless certain security controls are already in place, and that is quickly becoming the norm.
Carriers have caught on and no longer want to be on the hook for millions in coverage for an organization that has done little to protect itself. That's why companies need sound cybersecurity practices in place before they apply, so that securing a policy is easier and less costly.
When a company is breached, the recovery costs are hard to predict and can be enormous. Whether intangible or hard costs, cyber insurance can cover them, but only if the insured party qualifies for coverage in the first place, and there are many reasons a policy or a claim can be denied.
Here are the typical requirements for cyber coverage so you’re prepared when your next renewal date rolls around:
1. Business-Class Firewall With Maintained Security Services
Keeping intruders out of your network starts at the perimeter. A firewall alone is no longer enough: its firmware must be kept patched, its security-service and threat-signature subscriptions must be renewed before they lapse, and its rules should be reviewed regularly so that only the ports and sources you actually need are allowed through.
2. Implement the Zero Trust model
Zero Trust is a security framework that requires all users, whether inside or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted, or allowed to keep, access to applications and data.
3. Multi-Factor Authentication (MFA)
Whether or not you're part of a larger organization, MFA is one of the most basic and effective ways to protect sensitive information. Rather than logging on with just a password, MFA requires a second form of proof (a one-time code from an authenticator app or hardware token, or a fingerprint scan) before you're allowed in. This way, even if a criminal learns your password, it is not enough on its own to breach an account or a system. Apply it first to remote access, email and administrative accounts, where a stolen password does the most damage.
4. Software Patching And Updates
This is another basic practice that delivers real results when it comes to security. Install vendor patches promptly and regularly, and prioritize the ones that fix known, actively exploited vulnerabilities. Not doing so is like failing to fix chinks in a suit of armor: sooner or later the enemy will find those openings and exploit them to the fullest. Having a managed patching and update system in place, with reporting that shows what is still missing, is a must.
5. End-Of-Life Hardware And Software Management
Just as an old smartphone loses functionality and security once it can no longer install critical updates, hardware and software that have reached end of life stop receiving security fixes and leave known, unfixable holes in your environment. Keep an inventory of what you run, track vendor end-of-support dates, and replace or upgrade systems before those dates arrive. Running current versions and updating older ones promptly helps protect against intrusions while keeping your operation running smoothly.
6. Remote Desktop Protocol (RDP)
Remote access is a great tool, until it isn't. If you can reach another computer directly over the network, so can someone with nefarious intentions, for instance to spread ransomware that could wreak havoc. So make sure your RDP is secure by, among other things, never exposing it directly to the Internet, allowing access only through a VPN, restricting which accounts may log on remotely, and requiring multi-factor authentication.
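Whether RDP is reachable from the Internet is something you can check rather than assume. The following is an added example (not from the original article) that audits a list of inbound firewall or cloud security-group rules and flags any "allow" rule that covers TCP/3389 from a source outside your VPN address ranges, including catch-all rules that open every port. The rule layout, the sample rules and the VPN range 10.200.0.0/24 are constructed for illustration; swap the loader for your firewall's or cloud provider's export format.

```python
"""Added example (not from the original article): find firewall rules that
expose Remote Desktop (TCP/3389) to anything other than the VPN ranges.
Rule format, sample rules and VPN range are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp" or "any"
    port_from: int   # inclusive port range
    port_to: int
    source: str      # source CIDR the rule matches


def covers_rdp(rule: Rule) -> bool:
    """True if the rule's protocol and port range include TCP/3389,
    so a blanket 'any protocol, all ports' rule counts too."""
    proto_ok = rule.protocol.lower() in ("tcp", "any")
    return proto_ok and rule.port_from <= RDP_PORT <= rule.port_to


def within_vpn(source: str, vpn_ranges) -> bool:
    """True only if every address the rule admits lies inside a VPN range."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.subnet_of(v) for v in vpn_ranges if v.version == net.version)


def exposed_rdp_rules(rules, vpn_cidrs):
    """Names of allow rules that let RDP in from outside the VPN.
    Deny rules are ignored on purpose: rule ordering differs between products,
    so the audit stays conservative and reports every permissive allow."""
    vpn_ranges = [ipaddress.ip_network(c) for c in vpn_cidrs]
    findings = []
    for rule in rules:
        if rule.action.lower() != "allow" or not covers_rdp(rule):
            continue
        if not within_vpn(rule.source, vpn_ranges):
            findings.append(rule.name)
    return findings


# Constructed sample rule set (not real infrastructure).
SAMPLE_RULES = [
    Rule("rdp-from-vpn",       "allow", "tcp", 3389, 3389, "10.200.0.0/24"),
    Rule("rdp-from-vpn-slice", "allow", "tcp", 3389, 3389, "10.200.0.128/25"),
    Rule("rdp-from-anywhere",  "allow", "tcp", 3389, 3389, "0.0.0.0/0"),
    Rule("mgmt-any-port",      "allow", "any", 0, 65535, "203.0.113.0/24"),
    Rule("https-in",           "allow", "tcp", 443, 443, "0.0.0.0/0"),
    Rule("rdp-deny-all",       "deny",  "tcp", 3389, 3389, "0.0.0.0/0"),
]
VPN_CIDRS = ["10.200.0.0/24"]

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES, VPN_CIDRS):
        print("RDP exposed outside VPN by rule:", name)
```

Note that `mgmt-any-port` is reported even though it never mentions 3389: rules that open every port from a partner or office range are the usual way RDP ends up exposed without anyone deciding to expose it.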
7. Endpoint Protection/Anti-Virus Software
Centrally managed, correctly configured and kept up to date, endpoint protection goes a long way toward keeping malware and other malicious applications from compromising your systems. Make sure it is installed on every device, including servers and laptops that rarely come into the office, and that alerts actually reach someone who will act on them.
8. System Backups
What if there's a fire, a flood or an earthquake, and every computer in your business is destroyed? What if crucial hardware suddenly stops working? What if a cyberattack paralyzes your systems? The answer to all those worst-case scenarios is onsite and offsite backups that are encrypted, monitored, kept separate from the production network so that ransomware cannot reach and encrypt them too, and scanned for malware. Additionally, test your recovery procedure at least every six months, restoring real data and confirming it is intact, so you know you are ready for an actual emergency.
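A restore test should prove that the data came back intact, not merely that the job finished. Here is an added example (not from the original article) of the integrity half of that test: it records a SHA-256 hash of every file when the backup is taken, then compares a restored copy against that manifest and reports files that are missing, altered or unexpected. The file names and contents are constructed in a temporary folder for illustration; in practice the manifest is written alongside each backup run and kept where the backup cannot overwrite it.

```python
"""Added example (not from the original article): verify a restored backup
against a SHA-256 manifest taken at backup time. Sample files below are
constructed in a temporary directory for illustration."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to `root` (POSIX form) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree to the manifest. Returns sorted lists of files
    that are missing, whose contents differ, and that the backup never held."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in actual),
        "corrupted": sorted(k for k in manifest
                            if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(k for k in actual if k not in manifest),
    }


def restore_ok(report: dict) -> bool:
    """A restore passes only if nothing is missing or corrupted; extra files
    are reported but do not fail the test on their own."""
    return not (report["missing"] or report["corrupted"])


def demo() -> dict:
    """Constructed scenario: three files backed up; the restore loses one,
    silently alters one byte of another and contains a stray extra file.
    A check that only asks 'does the folder exist?' would miss all of it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "source", Path(tmp) / "restored"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "payroll.csv").write_bytes(b"id,amount\n1,4200\n")
        (src / "notes.txt").write_bytes(b"quarterly review\n")
        (src / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        manifest = build_manifest(src)

        (dst / "finance").mkdir(parents=True)
        (dst / "finance" / "payroll.csv").write_bytes(b"id,amount\n1,4200\n")
        (dst / "notes.txt").write_bytes(b"quarterly reviev\n")  # one byte flipped
        (dst / "stray.bin").write_bytes(b"\x00")                 # never backed up
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    report = demo()
    print(report)
    print("restore passed:", restore_ok(report))
```

Run this against the offsite copy, not the one on the same network as production: a restore that only works from the onsite copy tells you nothing about the scenario where the building, or the network, is gone.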
9. Incident Response And Business Continuity Planning
In the event your systems are breached, the last thing you want is a frantic or chaotic response. That's why it's vital to have a workable, rehearsed plan for containing the damage, restoring systems, and communicating both internally and with customers, regulators and your insurer, most of whom expect prompt notice. Then, if you're hit by ransomware or other malware, which can be even more destructive than a flood or a fire, you can act calmly while business operations suffer minimal disruption.
10. Annual Accounting Staff Training and Education
According to the FBI, billions of dollars are lost each year to business email compromise scams such as payroll diversion. "The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds." That's why every employee who handles financial transactions needs to be trained to recognize these attacks and to confirm any request to change bank, payroll or payment details through a known channel, such as a phone call to a number already on file, never by replying to the email. Related scams include wire fraud and W-2 phishing.
Kappa Can Help
If you need help with any of the cyber insurance coverage requirements mentioned above, Kappa is here to help. We are happy to review what you currently have in place and work with you to put in place whatever is missing from your current IT setup.