According to the CRC Group’s June 2022 Cyber Redy Index, in Q2 2022, 82% of companies that renewed their cyber insurance had a price increase greater than 20% and of those 44% had an increase of 50% or more. Maybe most shocking is that in recent months 1 in 4 had increases greater than 100%.
These increases have companies questioning whether buying insurance still makes sense. However, self-insuring is a risky business so here is what we are telling our customers.
Check the front door
IT departments have shored up the obvious entry points like firewalls and routers but that doesn’t stop cyber criminals from testing them. Your best defense is to check the “doors” and address weak points before a hacker does. A simple network assessment, often done at no charge by insurance and credit card companies, will aid you in proactively identifying ports that should not be open, firewall vulnerabilities, unpatched servers, outdated operating systems and other risks. You can then use the results of the assessment to eliminate vulnerabilities before applying for insurance.
Address the weakest link
Invariably, the most vulnerable aspect of any cyber security strategy is people. You can’t predict or prevent the mistakes your employees will make but here are a few options for reducing risk. Invest in annual cyber security training so your associates can identify and avoid malicious content. Consider implementing an email scanning solution to reduce the number of phishing emails that reach your associates mailboxes, thus reducing the opportunities for a mistake. Finally, implement Multi Factor Authentication (MFA) on your email and critical infrastructure. MFA will help protect the organization when an employee’s id and password have been compromised as the hacker lacks all the required information to connect to your systems.
Engage a Cyber Security Insurance expert
Chances are your insurance agent is not a technologist and thus does not have the depth and breadth of knowledge necessary to advise you on cyber insurance risks and risk mitigation. I recently witnessed a conversation between a cyber security insurance expert and our client, an IT professional, and the conversation was game changing. The expert understood our clients “tech speak” and was able to provide advice for mitigating risk, thus reducing their insurance premium. Maybe most impressive is that this advice came at no cost and was provided early enough in the process to allow our client to implement the suggestions prior to purchasing coverage.
Explore your options
Want to learn more? E-mail us at firstname.lastname@example.org to schedule a conversation about how we can help you mitigate cyber risk in your business. You can also check out all of our offerings at www.racksquared.com.