Cybersecurity

For businesses this has led to a few questions. Firstly, what are the requirements to qualify for cyber insurance, and what will be covered? And secondly, given the robust level of security your organisation will achieve by ticking off the checklist of requirements, is the cost of insurance actually worth it?

What are the requirements for cyber insurance?

Across the board, cyber insurance is becoming increasingly challenging to get hold of. Not only are costs soaring, but underwriting requirements are higher and greater scrutiny is being placed on risk mitigation and security programme maturity. For businesses to be eligible for cyber insurance, therefore, they need to show that they already have robust security in place. While the specific requirements will vary – based on the industry, the insurer, the size of the business and the type of coverage required – there are some universal security measures that every business looking for insurance needs to have in place:

• Endpoint detection and response (EDR) – as the number of endpoints (laptops, mobile phones, tablets and so on) continues to rise, so does the number of entry points for criminals. EDR is designed to monitor, discover, investigate and respond to threats across a fleet of endpoint devices and is becoming a must-have for those seeking insurance. In practice that means coverage of every endpoint, since an unmonitored device is exactly the entry point an attacker will look for.

• Multi-factor authentication (MFA) – this one almost goes without saying, as it has become a common part of day-to-day business operations, but having MFA in place for business networks, email and applications – including remote access and administrative accounts – is another requirement insurers look out for.

• Separate backups – as attacks become more advanced, a single data backup is no longer enough, as it can itself be compromised; ransomware operators routinely go after backups before encrypting production systems. Having multiple backups in different locations, with at least one copy kept offline or otherwise immutable, and regularly testing that they can actually be restored, is another requirement for cyber insurance.

• Cyber awareness training – even the strongest cyber security measures can be undone by a hole in the human firewall. Insurers will therefore need businesses to provide regular training, and assessment, to their employees to mitigate the risk of breaches through social engineering attacks.

• Penetration and stress testing – just as assessments show that staff are trained against cyber threats, insurers also need to see that security controls can withstand the threats in the environment. Showing the results of penetration and stress tests, along with evidence that the findings were remediated, can help alleviate concerns about a business's level of protection.

• Zero trust network access (ZTNA) – while ZTNA may not yet be a universal security measure, it is growing in popularity and has become a widely accepted choice for providing secure network access, replacing traditional VPNs that grant broad access to the network with per-application access that checks the identity and device behind every connection. It may not be something all insurers are looking for now, but it will likely become so in time because of the increased security it provides.

Having these measures in place can help towards eligibility for cyber insurance; however, actual requirements will vary on a case-by-case basis. Additionally, while implementing the above can help organisations to secure insurance and start better protecting themselves, certain industries have their own regulations that must be met – such as the Telecommunications (Security) Act (TSA) for network operators – and it is unlikely that insurers will accept applicants that don't comply with government legislation.

"Owing to the higher severity of breaches, the frequency and value of payouts have gone up, and so has the price of cyber insurance, which rose by 66% in the third quarter of 2022 – following a peak increase of 102% in the first quarter."

Is cyber insurance worth the rising cost?

One of the many elements that should be considered is that, in the event of a breach, some insurers will insist on choosing the company that investigates the attack themselves. While that may not seem like a big deal initially, it becomes more of an issue when combined with the recent exemptions around state-sponsored attacks, which give the insurance company the power to determine whether there is a link to a nation-state or not – and ultimately whether that affects the eligibility of the claim. Organisations therefore need to ask themselves whether they are comfortable with this and whether they are happy to trust the results of the insurer's investigation, particularly if they have their own means to investigate a breach – be it their own technology or an existing relationship with an attack remediation company – as an insurer may reject findings that differ from its own. This may draw the worth of cyber insurance further into question. What is, without a doubt, 'worth it' is ensuring your cyber security stays at a level where its eligibility for insurance could not be brought into question.

As the threat landscape continues to grow, businesses need to remain aware of evolving threats and increase their security measures alongside them, so they can continue to protect themselves, their business partners and their customers from attack. And while cyber insurance requirements themselves shouldn't be treated as the baseline for an organisation's security, the higher bar being set does indicate the need to reassess levels of protection. Furthermore, as additional compliance obligations are imposed on some sectors, such as the aforementioned TSA and the EU's DORA (as well as a likely UK equivalent) for financial services, reviewing and upgrading security measures isn't just important for protecting your business – it is becoming a more important part of the criteria companies use when assessing their third-party suppliers.

Ultimately, it comes down to the details of the individual policy as to whether cyber insurance is worth the cost – there is no 'yes or no' answer. The choice to take out cyber insurance will come down to the cost of the policy, the level of cover you're able to receive and any stipulations or exemptions. Nevertheless, whether you are insured or not, paying attention to the requirements for cyber security – both from insurers and from government regulation – is of the utmost importance. Insurance or no insurance, the threat landscape is evolving, and your security measures need to evolve with it. Adhering to security guidelines can help to strengthen your security environment, while regular testing of cyber defences can identify any areas of your security that need to be upgraded. This will not only help your organisation qualify for cyber insurance should you want it, and likely reduce your premium, but it will also greatly reduce the chance of a successful breach.

www.pcr-online.biz
April 2023 | 33