Interviews

The £2m question

by Mark Rowe

Is your company covered for a cyber attack? asks Usman Choudhary, Chief Product Officer, at the anti-virus product company VIPRE Security Group. He outlines how cyber insurance works, and who can benefit from investing in a policy.

Cybercrime continues to be a persistent and pressing issue for all sized businesses, but particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60 per cent of small businesses that experience a cyberattack shut their doors within six months.

Despite the continuing rise in risk, many small businesses remain vulnerable to cyberattacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.

How it works

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyberattack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.

With the constant – and ever-increasing – threat of potential cyberattacks and need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.

But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK Government’s Cyber Security Breaches Survey 2022 found that only 43 per cent of businesses have a cyber insurance policy in place.

Who needs cyber insurance?

Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. And, one of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, time involved in finding a provider, and lack of understanding of the importance of a cyber insurance policy.

Protect

It’s no surprise that bad actors are becoming more cunning and creative when it comes to targeting businesses – and small businesses are usually the bullseye of their predatory plan – as cyber criminals are aware that these sized businesses may lack the adequate protection.

Beyond the reputational risk involved, the cost of a cyber-attack can be devastating. Data breaches can reach more than £2.7m – while the average cost to investigate and recover from an attack is about £2.9m. However, the process of signing up for cyber insurance coverage is not as straightforward as many may presume.

Where to start?

Before applying for cyber insurance, organisations must first demonstrate that their business has implemented a long list of cybersecurity technologies and practices, such as Multi Factor Authentication (MFA) and Endpoint Detection & Response (EDR) to acquire the right security coverage.

MFA is a security technology that combines two or more independent credentials: what the user knows (such as a password), what the user has (such as a security token) and what the user is (by using biometric verification methods). By having a layered defence in place, it makes it more difficult for a bad actor to access a target; such as a physical location, computing device, network, or database. MFA is highly effective at thwarting bad actors, as demonstrated in a study by Microsoft, which found MFA provides an added layer of security that can block up to 99.9 per cent of attacks stemming from compromised accounts.

Endpoint Detection and Response (EDR) uses endpoint data collection software installed into machines to constantly monitor, flag, and respond to cyber threats like ransomware and malware. If suspicious activity is detected, the system is triggered. EDR can also automatically block malicious activity to temporarily isolate an infected endpoint from the rest of the network to stop malware from spreading.

Owning responsibility

When considering how to keep a business protected from potential cyberattacks, it is important that the teams in charge do their research and choose a reputable partner to implement MFA and EDR technology. However, it’s of equal importance to also remember that obtaining cyber insurance is not enough.

Organisations must constantly monitor their business, stay informed on the latest cyberattack trends, and train its employees on cybersecurity with a comprehensive security awareness training programme in place. It is vital that businesses do their part to stay on top of potential risks and protect its staff, customers, and overall business reputation from the evolving and innovative bad actors society is faced with.

Related News

  • Interviews

    Correct print strategy

    by Mark Rowe

    Wi-Fi printers possess an array of features that make printing easy, which are especially useful in a world where remote working is…

  • Interviews

    Fishery enforcement

    by Mark Rowe

    If anywhere’s peaceful and has least call for security measures, you might think it’s wherever you can go fishing. But you would…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing