Getting the Right Protection from a Cyber Insurance Policy
source link: https://itwire.com/business-it-news/security/getting-the-right-protection-from-a-cyber-insurance-policy.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Wednesday, 27 March 2024 13:00
Getting the Right Protection from a Cyber Insurance Policy
By BeyondTrust
GUEST OPINION: As the number and sophistication of cyberattacks continues to grow, increasing numbers of organisations are evaluating how much protection they can get from cyber insurance.
Offered by a range of insurance companies, these policies vary in both cost and coverage. For this reason, it’s important that careful evaluation is carried out before purchase. Failing to do this could result in claims being declined or compensation withheld.
Generally speaking, cyber insurance is designed to help an organisation recover from a cyberattack. Many cover the costs associated with recovering IT infrastructure after incidents such as malware, ransomware and hacking attacks.
Some policies also offer coverage for any financial losses that result from an attack. This could range from lost productivity to the costs associated with relevant investigations and lawsuits.
Organisations should also consider the benefits of having a policy that specifically covers data breaches. This will help cover the potentially high cost of responding to an incident in which personal or highly confidential data is leaked.
The bottom line is that an organisation needs to have a clear understanding of what is covered by (and excluded from) a particular policy. Comparing policies from different insurers can be challenging as they will often use different clauses and terminology. Careful review and comparison is therefore critical.
One example of a significant variable is whether coverage is offered for ransomware attacks. Because the number and severity of these attacks has recently increased, some insurers now include an exclusion clause confirming that they will not cover such an event.
Improving the existing security posture
As well as securing an appropriate policy for cover, organisations must also take all steps possible to reduce the chances of a successful attack occurring. In this area, significant attention should be given to carefully managing admin rights.
A policy of ‘least privilege’ access should be adopted to ensure that access to particular resources is restricted to only those who really need that access and for only long enough for the user to achieve their task . The number of users with admin rights should also be as restricted as possible.
The IT team should also work to improve credential and session management through the introduction of multi-factor authentication. This means that, even if a cybercriminal is successful at securing valid access credentials, they will still be prevented from gaining access to the targeted infrastructure.
Prospective insurers will also want to be confident that any organisation seeking a policy has in place the best possible suite of protective measures to reduce the risk of falling victim to a cyberattack.
These measures will include the adoption of email and web filtering to reduce the chances of malicious messages being opened by staff. They should also include being fully prepared with an action plan to be followed if a ransomware attack takes place.
Being able to confirm that there is a robust data backup system in place will also be critical. As well as helping an organisation recover from an attack, it can reduce the time taken and the costs incurred.
Ongoing evolution
A key factor to remember when considering and evaluating cyber insurance is that the market is in a constant state of flux.
On one side cybercriminals are constantly evolving their attack techniques and making use of new vectors. On the other side, insurers are continually refining their policies to ensure they give appropriate levels of protection as conditions change.
For this reason, cyber insurance can never be a set-and-forget undertaking. Organisations must work to constantly improve their levels of cyber protection and ensure they are aware of any new threats that might emerge.
Organisations must also regularly review their coverage to ensure it is appropriate. Sticking with the same policy for multiple years is very unlikely.
However, by taking time to understand the potential threats being faced, and then securing appropriate coverage, organisations can be best placed to withstand threats and recover quickly should a successful attack occur.
Read 95 times
Please join our community here and become a VIP.
Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here
ELASTICON SYDNEY 2024 LATEST ADVANCEMENTS IN GENERATIVE AI
On 20 February, keynote addresses from NAB, Canva, AWS, and Google Cloud, among others, will feature at ElasticON Sydney 2024.This event will explore the latest advancements in generative AI
The one-day conference, hosted by leading search analytics company Elastic, will include networking drinks, hands-on labs, technical sessions and a stellar line-up of keynote speakers from finance, technology, and government e=sectors.
ElasticON Sydney 2024 promises to be an enriching experience with a comprehensive exploration of the latest developments in security, observability, generative AI and their real world applications
Don't miss out on this opportunity to network and find answers for what's next from your industry peers and leaders
Register for ElasticON Sydney 2024
PROMOTE YOUR WEBINAR ON ITWIRE
It's all about Webinars.Marketing budgets are now focused on Webinars combined with Lead Generation.
If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.
Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK