Boosting Cyber Resilience: Shift in Cyber Insurance Landscape Sparks Evolution in Security Practices
The steep rise in cyberattacks, manifesting in expensive downtime, intensive investigations, legal battles, and hefty ransoms, has served as a wake-up call for cyber insurers. It has forced a thorough re-evaluation of underwriting processes and pushed insurers to promote stronger cyber resilience among their clientele. The massive number of cyber-insurance claims, coupled with the astronomical cost of data breach recovery (averaging a concerning $4.88 million), shows that the cyber-insurance industry is compelled to adapt and evolve to meet market needs cost-effectively.
As cybersecurity woes escalate globally, insurers that weathered the widespread IT outage in July relatively unscathed are contemplating potential losses from cyberattacks facilitated via a third-party service provider that could take down a substantial portion of businesses.
These hypothetical situations prompt insurers to think along the lines of billions in insured losses, given the slower recovery rates and ransom payments necessary to regain control of hijacked data.
Cyber insurance is a relatively young branch of the insurance industry, and many ambiguities surround it, including the nature of coverage, its role in potentially fuelling ransom payments, and other pertinent issues. Despite its nascent stage, the sector is steadily finding its ground and evolving alongside emerging cybersecurity threats.
This ongoing transformation is the catalyst that will push businesses to reconsider the importance of cyber resiliency: the ability to ensure data is always recoverable in the event of a primary network breakdown or of data being held hostage for a ransom payment. Investments in better data protection practices will inevitably increase, spurred by the cyber-insurance market itself.
Navigating the Future with Cyber Insurers
In the last half-decade, ransomware’s surge has drastically altered organizations’ risk profiles and escalated estimated claim payouts. The heightened risk, and the inability to assess it accurately or implement the requisite mitigations, translate to a considerable financial risk for insurers. In response, cyber-insurance prices and qualification benchmarks for coverage have shot up significantly.
A sizable portion of the new requirements focus on data storage and backup protocols. Segmented, encrypted, and immutable backups have become the norm, yet due to limited resources, lack of awareness, or disjointed cybersecurity teams, they haven’t been widely adopted. However, the tides are changing, forcing businesses to up their cybersecurity game if they wish to secure coverage. Failure to adapt will leave them without insurance or a viable recovery plan, making them vulnerable when an inevitable ransomware attack strikes.
Companies can reduce the cost of attacks by ensuring data remains recoverable, mitigating operational downtime, and preventing the need to pay ransoms. Ransomware works by rendering production or backup data unusable, so that organizations cannot recover following an attack. By employing immutable backups, however, organizations preserve access to their data. This is even more vital now that ransomware targets backups specifically.
Immutability is non-negotiable for any backup storage type because it is time-based, unlike encryption, which is key-based. This implies that, short of destroying the physical hardware, there is no conceivable way to alter or erase backup data once it has been written to a device that has object lock (i.e., immutability) enabled. Encrypting backup data before writing it to immutable storage further strengthens this strategy by making the data both unreadable (unless the key is available) and unalterable.
Lastly, it’s paramount to institute a disaster recovery plan comprising a multilevel backup solution and routine disaster recovery testing to preempt potential issues. Providing evidence of these backup tests to insurers demonstrates a lower risk factor.
Ultimately, the common goal for businesses and cyber insurers is to create more robust IT environments to avoid cyberattacks and the associated costs—ransom, downtime, and reputational damage. Despite ongoing law enforcement efforts to combat cybercrime, recent changes in the cyber-insurance market may alter the threat landscape by enforcing the widespread adoption of backup best practices and cyber resilience.