Page 165 - Cyber Defense eMagazine January 2024

costs for such an incident. This is why thorough attention to policy terms and conditions can make or break an organization when it’s time to put in a claim.



Cyber insurance (still) requires robust and compliant cybersecurity

Trust me, cyber insurance providers don’t stay in business by insuring organizations with bad security. Businesses must pass a risk assessment and security questionnaire to complete the underwriting process. Such risk assessments are usually based on established regulatory frameworks such as the NIST Framework and others. Therefore, effective cybersecurity is a requisite for cyber insurance. Businesses must implement comprehensive tooling, such as data encryption, access control, multifactor authentication (MFA), automated threat monitoring and mitigation, logging and reporting, and more. For this reason, I recommend multi-faceted security tools to organizations, such as BeachheadSecure, which meets 76% of NIST requirements, and Acronis, in order to start checking a lot of boxes and set the table for a successful cyber insurance partnership.

All that said, having effective cyber security isn’t enough: organizations must carefully document protections to ensure approval of cyber insurance claims. For instance, a business required to implement MFA on all endpoint devices needs to have screenshots and documentation ready to prove that even newly added devices have those contractually necessary safeguards in place, and that they were active when an incident occurred.



Be wary of traditional insurers

Cyber insurance is a specialized product requiring expertise on the insurer’s part as well. Unfortunately, some traditional insurers began to offer cyber insurance in recent years without acquiring the knowledge to do so correctly. The result has been horror stories, as these providers fail to correctly explain policy requirements to customers and then deny their claims for failure to meet those unclear requisites. Just as cyber insurers vet potential customers, organizations should carefully vet their insurers as well, and stick to trustworthy, proven cyber insurance providers.




Protect your organization before and after an attack

Comprehensive cyber security and cyber insurance play an overlapping role in protecting organizations from the potentially devastating impacts of a cyberattack. Cyber insurance providers require organizations to implement robust security processes, and insulate them from the consequences if those measures nevertheless fail. By selecting the right cyber insurance strategy and policy, businesses can have peace of mind that they will survive anything attackers throw their way.










            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.