When companies want to take out cyber insurance, the premium is often based on the existing security technology. Multifactor authentication (MFA) has even become a prerequisite for insurance cover.
For many companies, cyber insurance is moving onto the agenda, and relevant offers have been around for a number of years. However, due to the frequency and severity of ransomware attacks, taking out such insurance is no longer as easy as it used to be.
Insurers reject insecure IT
Before the coronavirus pandemic, attacks concentrated primarily on the internal IT systems at company headquarters; now attackers are increasingly targeting users working from home. The risk is increasing, and applicants now usually have to prove to the insurer that they use various IT security technologies within their own organization, including a response plan in the event of a security breach. Not least, the requirements include the implementation of multifactor authentication (MFA). Without this precaution, there is usually no insurance coverage.
Ransomware as the main reason for purchasing cyber insurance
Ransomware is becoming more and more common, is evolving steadily and no longer targets only computers. Smartphones, televisions and other devices in the network are hardly safe from this type of malware either, which encrypts data and only releases it again upon payment of a ransom in cryptocurrency. Given the high ransoms demanded by cyber criminals, insurance policies specifically for ransomware should have been part of any company's security strategy for a long time.
The increasing demand for relevant insurance has recently been a recurring topic at international specialist conferences. The situation of a successful ransomware attack was compared with that of a real kidnapping case. The idea behind it: If there are insurance companies that step in as soon as it comes to a ransom payment to safely free a kidnapped person, this could also apply to ransomware. This would not only protect the victims from losing access to valuable data, but also give the insurance sector the opportunity to further diversify its offerings through the dedicated expansion into the IT area.
Ransomware damage only partially covered
There are currently some insurance companies that cover the costs associated with certain cyber attacks, but there is still a lot of room for improvement in adequately defining what is covered. In general, such cyber insurance covers third-party damage (which is very useful when a cyber attack on a company affects its customers). Sometimes insurers also pay for direct losses, with a focus on the specific follow-up costs of an attack. Depending on the policy, this includes, for example, restoring data, replacing hardware or software, or hiring forensic investigators, external lawyers and communications consultants.
Most cyber insurance policies are currently far from covering all of the damage caused in this context. There are, for example, policies with an insured sum of up to 10 million euros which nevertheless cushion "only" 500,000 euros in the event of cyber extortion by ransomware. In the case of MediaMarkt and Saturn, in which the extortionists allegedly demanded 50 million US dollars in Bitcoin, this would be a drop in the ocean. However, the market here is developing rapidly, and the first step is usually to examine the main risks to which an organization is exposed so that corresponding offers can be created at all.
Cyber insurance now requires MFA
Companies that are interested in taking out cyber insurance and do not want to accept skyrocketing premiums or the risk of a complete rejection of the application should therefore put modern security foundations in place in advance.
In this context, the use of multifactor authentication (MFA) is an important aspect, as it provides additional security not only for remote access to networks and e-mail, but also for administrative access. The abuse of stolen passwords, which circulate in abundance on the dark web, is now the order of the day, and many attacks can clearly be traced back to it. Compromised passwords or login IDs are the proverbial Achilles heel for quite a few companies. After all, employees often use the same password for several systems, choose phrases that are too simple, share their login data with others or accidentally pass information on to cyber criminals. MFA effectively puts a stop to all of this. Up to 99.9 percent of attacks from compromised accounts can be fended off with multifactor authentication. Even if an attacker comes into possession of a user's login data, possibly in the course of phishing, the request for an additional authentication factor, for example the confirmation of a push message on the smartphone assigned to the respective employee, thwarts the attacker's plans.
MFA, EDR and other technologies recommended
Since every attack begins at an endpoint, companies should also use Endpoint Detection and Response (EDR) in parallel with multifactor authentication, as this allows suspicious processes on the end device to be detected effectively. The combination of MFA and EDR significantly minimizes the risk of a consequential security incident, especially if value is also placed on well-designed patching concepts, employee training and targeted awareness-raising.
When all these prerequisites are in place, cyber insurance can also serve its purpose as an additional piece of the puzzle in an effective security strategy and ensure that IT managers and corporate executives can sleep soundly in this regard in the future.
More at Watchguard.com
About WatchGuard
WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security. More than 250,000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,