6 Best Practices to Contain Cyber Insurance Price Increases

Cyber insurance premiums are growing exponentially. It’s a dilemma that puts new financial pressures on organizations that are eager to protect their digital assets, but wary of increased spending.

‍Part I of this cyber insurance blog series explored six reasons why cyber insurance costs are increasing so rapidly. In Part II of this two-part blog series, you’ll get practical IT security best practices to help keep your organization’s cyber insurance premium as manageable as possible.

Contain Cyber Insurance Costs With These Tips

To a certain extent, insurance premiums work the same across industries. For example, a driver might qualify for a discount on car insurance if they have a good driving record, or if their vehicle has advanced safety features like airbags and daytime running lights. The same is true of cyber insurance.

So, while you can’t control the broader market pressures that are driving up prices, you can potentially lessen your premium increases by taking cybersecurity more seriously. Follow these best practices to prove to insurers that you’re serious about lowering your risk—and your bills.

Implement Ransomware Detection and Recovery

According to Statista, the average ransomware downtime clocks in at an unbelievable 22 days—that’s more than three weeks! The best way to significantly reduce potential downtime from a ransomware attack is to prevent your organization from becoming a victim in the first place. But where should you start? 

First, consider investing in a content management platform that detects ransomware signatures and flags unusual file behavior like high-volume encryption activity. Such technology can also permit you to “roll back” to earlier versions of mission-critical files in the event of an attack—commonly referred to as snapshot recovery. With detection and recovery solutions in place, you reduce the likelihood of potential attacks, and recover much more rapidly when attacks bypass your security defenses.  

Take Insider Threats Seriously

The unanticipated convergence of work-from-home culture with the massive employee turnover associated with the Great Resignation has resulted in unprecedented insider threat risks the past two years. According to insurance brokerage firm Embroker, finance, insurance and healthcare firms are at the most risk of insider theft.

In December 2021, approximately 4.3 million US workers quit their jobs, which represents a sizable 3% of the entire US workforce. As part of those resignations, some employees may have considered taking valuable intellectual property with them at departure time, even if they innocently did so to document work projects for career progression purposes. 

Alternatively, newly onboarded employees represent a different type of risk. They haven’t been at the company long enough to demonstrate that they can be fully trusted, and IT onboarding activities these days frequently take place on home networks. Those networks generally don’t have the security protection of a traditional office setting. 

The best approach is to leverage technology to analyze unusual user behavior that relates to sensitive data, particularly when users uncharacteristically download a higher than normal file volume. Egnyte refers to such activity as “Unusual Access,” and you can utilize the Egnyte platform to identify and respond to those types of threats.

Utilize Multi-Factor Authentication 

The quickest way to make a significant impact to your IT security is through multi-factor authentication (MFA). With MFA, your users need to have two or more pieces of evidence—or factors—to authenticate their access to your systems. Essentially, users will need to identify themselves beyond their basic usernames and passwords. According to Microsoft research, users that enable MFA on their accounts can block up to 99.99% of automated cyber-attack attempts. For users of the Egnyte platform, you can find out more about Egnyte’s advanced security features here. 

Practice Defense in Depth

This straightforward recommendation is often overlooked. Defense in depth refers to layering security protection. Examples include a combination of anti-virus protection, intrusion detection systems (IDS), and data encryption, along with your existing data protection and MFA initiatives. Since cyber-attackers utilize multiple approaches to detect vulnerabilities in your infrastructure, your organization needs to pursue multiple approaches to protect its IT environment from the attackers. 

See Something, Say Something 

Even the most technologically advanced IT security program is unlikely to succeed without consistent end-user education. Many organizations train their employees on IT security best practices immediately after they are hired, only to have the cycle repeat a year or more later. The business reality is that cyber-attacks are evolving so rapidly that the 2022 defense methodologies may be obsolete by 2023. There are also many recent examples of cyber-attackers targeting the same organization on multiple occasions, either in different geographical regions or different business units, so it pays to always be prepared. 

The best approach is to train employees right after hiring, and then present shorter, targeted training modules on a quarterly basis after that. Throughout the process, employees should be encouraged to say something if they see something, such as unauthorized file access behavior, unexpected password or network access alerts, or obvious phishing emails. White hat phishing exercises can be particularly effective in helping employees retain training content. Having an open-minded approach to user education will also empower your users to make better decisions on an everyday basis. 

Use a Comprehensive, Flexible Incident Response Plan

For mid-sized businesses, this is frequently the weakest aspect of cybersecurity preparedness. According to a November 2021 report published in Canadian Lawyer magazine, only 38% of professional services law firms had an incident response plan in place. And, the 38% figure applies to an industry where a vast majority of the data is considered highly sensitive and confidential!

Egnyte’s data breach governance guide provides steps to help prevent data breaches and create an incident response plan of your own. You’ll need to make provisions for communicating the data breach to your customers, employees, and business partners. And depending on the size of your company, you may need to incorporate a plan for communicating your potential incident to the news media, too. Remember that any incident response plan needs to begin with real-time, always-on monitoring of your company’s critical data, no matter your company’s size. 

In addition to implementing MFA, developing a comprehensive and fully documented incident response plan is one of the most effective ways to demonstrate your security preparedness to cyber insurers. As you develop the plan, you should carefully document all of the security controls currently in place and demonstrate how you proactively manage supply chain partner risk. Most importantly, you need to routinely update your incident response plan as technology evolves and data privacy laws change. 

‍It Takes a Village to Secure Your Organization

Effective IT Security requires the awareness and participation of all of your users. We encourage you to share this blog—and Part I of the blog series—with all of your key stakeholders.

‍