Previously, we covered the anatomy of a ransomware attack and the various types of ransomware. We also discussed why it’s essential to have a recovery plan in place before disaster strikes. This blog will cover another piece of the cybersecurity planning puzzle: insurance.

According to the Canadian Centre for Cyber Security, the estimated average cost of a data breach last year was $6.35M CAD. This number rises each year due to several factors, like ransomware-as-a-service, high-impact targeting, and the global pandemic. With more employees now working from home, our experts continue to see sharp increases in malware and ransomware attacks.

Limited in their approach, either by lack of personnel or funding, IT teams are doing all they can to protect company assets. Many leaders have realized the risk left by this gap and, as an attempt to mitigate risk to avoid the resulting financial losses, have decided to bolster their security toolkit by purchasing cyber insurance.

Cyber insurance, also known as cyber liability insurance, is a type of policy that protects against cyberattacks. It can help minimize the impact of a breach and provide coverage for miscellaneous expenses.

Cyber insurance is beneficial for businesses that rely on technology to conduct their operations. No matter an organization’s level of security, private data such as contact details and financial records is still a target for criminals to hold for ransom.

The coverage typically handles immediate costs such as data recovery and legal defence but does not usually consider more longer-term ones like reputational damage.

As the frequency of attacks increases and criminals get more brazen, the cost of paying out a claim is simply a reactive activity that insurance companies can no longer afford. They have paid out far more than expected, which has led to massive losses. Some providers have reduced payouts or have stopped paying for ransomware attacks altogether. Others no longer even offer cyber insurance. As a result, premiums are rising drastically.

This is why the qualifying rules for claims are becoming more stringent. Security questionnaires have been relatively standard in previous years but are now more focused on specific controls. These areas include MFA, security awareness training, 24/7 monitoring, secure backups, endpoint protection, patch management, incident response planning, and external assessments.

If you do not adhere to their specific requirements, providers can easily deny coverage. How can you be sure you are in the best position to have your claim honoured when the time comes?

One of the best, most straightforward ways to ensure your company is up-to-date with the latest requirements is through a partnership with a Managed Service Provider. Through a series of rigorous and targeted assessments, they can quickly analyze your current security posture and determine any weaknesses. They can also help with remediation, ensuring you peace of mind in knowing that you will have full insurance coverage in the case of an attack.

With over 20 years of experience helping clients address their security risks, our Professional Services team has the knowledge to keep hackers away from your business data.