Cybersecurity

Want Cyber Insurance? It Might Not Want You

With an increasing number of businesses experiencing cyberattacks, many find themselves unaware their insurance plans do not cover the costs of cyberattacks. Insurance providers worldwide already offer separate plans for tackling cybersecurity incidents, though qualifying apparently is more challenging than expected.

According to IBM, in 2021, a data breach cost companies $4.24 million on average—an  amount which is 10% higher compared to 2020. These expenses can disrupt the company’s functioning and even lead to its closure—experts, including our own, agree that cyber threats are as relevant for small enterprises as large ones.

From our experience, companies do not take cybersecurity seriously enough and the increasing number of cyberattacks suggests just that. Only after experiencing a cyberattack would most understand their insurance plan will not provide for this type of security event.

Applicable Only for “Best in Class”

Although many insurers already have cyber insurance plans in place, they seem extremely careful in evaluating to whom to grant it. Cybersecurity risks and the associated costs can be hard to foresee. Therefore, companies become the ones to prove themselves insurable. To do so, they must meet specific cybersecurity requirements that each insurance company sets on its own. These requirements primarily include mitigation tools.

The cybersecurity solutions that were “nice to have” a couple of years ago have now become an essential part of any company’s risk-management strategy. It is a pure myth that hackers seek only big fish—anyone can become a target, a scenario repeatedly proven.

The trick is simple: Adapting a few cost-efficient policies can help companies get insured and save themselves from major crackdowns. These include, but are not limited to, the following practices:

1. Adapting perimeter security practices

A business virtual private network (VPN) service helps protect a company’s privacy online and secure access to internet connection, creating an encrypted tunnel for data. Connecting to a business VPN is possible from anywhere in the world. Therefore, it addresses the risks insurance companies have concerning remote work options that a vast number of companies offer. Extensively used by both individuals and companies, this solution is among the critical go-to tools for cybersecurity.

2. Setting password management rules

Our latest research showcases that business executives have similarly poor password habits as regular internet users do. The most common password remains “123456,” followed by other easy-to-crack variations of numbers and letters. While these can be guessed in less than a second, passwords, in general terms, are usually considered the most vulnerable place on a company’s cybersecurity map.

For this reason, insurers are likely to require a company to present proof of using password management software with safety protocols in place. This tool can also be connected to a multi-factor authenticator (MFA) for double security.

3. Storing data in a secured environment

Insurance companies are also concerned with data management within the client’s organization. Data is an invaluable asset to most companies, and thus any compromise can cause significant losses. A secured cloud service that restricts access of third-party individuals helps ensure only company employees can view and manage documents, spreadsheets, or other stored materials.

Gerald Kasulis is Vice President of Business Operations at Nord Security, home to such products as password manager NordPass and NordVPN.