10 Tips for Lowering Your Cyber Insurance Premium
The following article was first published in Whittlesey’s Insights. It is reposted here with permission.
As time goes on, businesses and non-profit organizations are more and more at risk of cyberattacks.
Even a single incident could have severe consequences. In fact, the average cost of a data breach can exceed $4 million.
For small to medium-sized organizations, we typically see costs average a half million dollars. Unfortunately, the cybercrime industry is estimated to be worth over $10 trillion by 2025.
Insurance companies have recently gotten tougher on their prospective and current cyber policyholders when they are not adequately protecting themselves from cyber threats.
For example, they are performing vulnerability scans on customer networks and requiring certain controls like multi-factor authentication to be in place before providing a policy. Answers to IT and cyber questionnaires are now affecting premiums as well.
The good news is that you can take steps to lower your cyber insurance cost and get the most out of your policy.
Let’s briefly look at how you can substantially reduce your cyber insurance rates before shopping for insurance.
One of the best ways to reduce your cyber insurance costs is to implement Multi-Factor Authentication for all accounts.
MFA adds an extra layer of security by requiring users to confirm their identity using two or more factors, such as a password and a code sent to their mobile phone.
Although it is a simple process, it is one of the more effective controls for safeguarding sensitive information and systems.
Another great way to reduce cyber insurance costs is using a password manager. Password managers help you create strong, unique passwords for all your accounts and store them in a secure location.
This way, you don’t have to remember all your passwords, and you can be sure they are all strong and unique.
With so many passwords to manage today, this has the side benefit of making your life easier and sparing you the frustration of forgotten passwords.
Another important benefit to businesses is the ability to let staff use the passwords for logins without ever seeing them. This makes offboarding less of a chore, since fewer of the system passwords that terminated employees had access to need to be changed.
Train Your Employees
Research shows that over 90 percent of security breaches are due to human error. That is why security awareness training is so crucial for minimizing risk.
A security awareness training program can help employees learn how to spot phishing emails, create strong passwords, and keep their personal information safe.
The better your employees keep sensitive data secure, the less of a risk you will be to your insurer.
In 2022, we consider this a mandatory standard practice, and it must be part of your security program for the program to be complete.
Regularly updating your software is something that you simply cannot overlook. Software updates often include security patches that can help protect your systems from new threats.
Ensure you have an automated AND monitored patch management system that covers operating systems, third-party applications, and network devices (firewalls, etc.).
Cybercriminals also mainly prey upon businesses that do not keep their systems updated.
Another significant step you can take is to invest in cybersecurity tools. Various tools can help you secure your systems and data, such as firewalls, anti-virus software, application whitelisting software, intrusion detection/prevention systems, and managed detection and response systems, which are rapidly growing in importance.
Talk to a cybersecurity professional to help you choose an appropriate set of tools to provide the security you need.
An incident response plan is another essential piece of a security program.
A response plan outlines what you will do in the event of a breach or attack.
Having a plan in place can help you contain the damage and minimize the impact and cost of an attack.
Continuity Planning, Image-Based Backup Solutions
A business continuity plan (BCP) and a disaster recovery plan (DRP) are required pieces of a security program, and developing them will also help ensure you have a viable recovery plan and system.
A good BCP and DRP will allow you to restore your systems and data in case of a breach or attack and get back to business quickly.
Be sure you are using the latest in backup technology as well.
In 2022, that means utilizing image-based backups, which archive entire images of servers and computers for the quickest and most thorough recoveries.
These systems should have a local and cloud component for the best protection.
Monitor Your Systems
Monitoring your systems can help you spot potential threats and vulnerabilities and detect when a control system is offline.
Be sure to keep an eye on your logs and activity so you can quickly identify any unusual circumstances.
Active monitoring can go a long way to prevent minor issues from growing into larger ones.
Sometimes, this could be the difference between handling a threat quickly or suffering substantial financial losses, legal complications, etc.
Hire a Professional
Working with a cybersecurity professional can help you assess your risks, implement security controls, and develop a response plan.
Tapping into their expertise can help you avoid costly mistakes and ensure that your systems are as secure as possible.
This is especially important if you don’t have the internal resources to devote to cybersecurity.
As you might guess, being proactive is one of the best ways to lower your cyber insurance premium and prevent surprise costs.
By taking steps to reduce your risk now, you will not only gain access to lower premiums but also be less likely to file a claim in the future that will affect your rates.
This will save you money both in terms of your premium and your deductible.
It might not seem easy at first to reduce your cyber insurance premium, but it’s easier than you might expect.
Be sure to address the above guidelines before shopping for cyber insurance.
About the author: Chris Wisneski is an IT security and assurance services manager in Whittlesey’s Hartford office. He has more than 20 years of experience in information technology, with a specialty in cyber security.