In this blog we’ll give an overview about what a cyber insurance is and what you need to get it. Furthermore, we’ll talk about why multi factor authentication (MFA) has become a mandatory requirement to get one of those cyber insurance coverages.
What is cyber insurance?
What does cyber insurance mean?
A cybersecurity insurance or cyber liability insurance is a coverage against financial losses caused by cyber incidents (for example data breaches) and offers technical and recovery support.
To define the cost of your insurance, cyber liability insurers will look at multiple risk-factors, like for example, what industry you’re in, which way the organization covers data and of course, which security measures the organization already has in place.
There are various requirements that insurance companies define for organizations to be eligible for the insurance coverage. One of the most fundamental ones that most insurers ask for nowadays is Multi factor authentication (MFA).
What does cyber insurance cover?
All depends of course on the type of insurance you take.
It is important to understand that a cyber insurance coverage will not help you to identify cyber risks themselves, nor will they eliminate these. However, when your organization would be hurt by a cyber attack or data breach, having a cyber liability insurance will help you to, for example, recover compromised data, restore personal identities, or repair your damaged computer systems.
Some examples of events that could be covered by your insurance:
Data loss or breach (after hacking, employee theft, loss of memory stick, …)
Business interruption due to a breach
Keep in mind that an insurance like this will protect you financially regarding your digital assets, but it won’t be able to cover every possible risk.
What does cyber insurance not cover?
Cyber liability insurance doesn’t cover claims of property damage or bodily injury. For this, you will need a general liability insurance, as a cyber one does not protect you against these claims.
Furthermore, your insurance (probably) also won’t cover:
Potential lost profits in the future.
Cost of restoring and improving your computer systems to a higher level of functionality than they were following a cyber event.
Loss of value caused by the theft of intellectual property from your company.
A lawsuit for any potential vulnerability in the systems of your organizations before a breach.
How much does cybersecurity insurance cost?
It’s not possible to give an exact answer on this question as it really depends of the protocols and systems you already have in place for cybersecurity. Cyber insurers will look at your current state to provide you with an exact cost of the cyber insurance policy. However, we see that the prices have been increasing on the cyber insurance market. So be sure to investigate what you can do to lower your premium.
How can you get a cybersecurity insurance?
What do you need to get such a cyber liability insurance? What is expected by cyber insurance providers to have in place already when looking for an insurance? To purchase one, you’ll have to provide information about your security controls to insurance underwriters.
What do you need to get a cyber insurance?
Insurance providers (like for example Hiscox, Chubb, AIG, The Hartford, …) will carry out a cyber insurance risk assessment to define your premium and coverage limits. You will have to fill out a questionnaire about your cybersecurity protocols, IT risk management, protocols, … The better you score on this one, the less expensive your coverage will be.
One of the minimum common requirements to get one nowadays is having Multi Factor Authentication (MFA) enabled for administrators and privileged users. This cyber insurance MFA mandate exists, because the additional layer is seen as a fundamental access security measure to protect not only on-site but also remote access. If you only use a password, cyber insurers will believe compromised accounts are inevitable for your organization’s future.
Of course, securing a password with MFA (for privileged and not privileged access) is no silver bullet that can protect against every attack, but it’s certainly a vital layer organizations will need. This MFA insurance requirement is thus something you’ll have to keep in mind when considering an insurance.
Furthermore, there are some more steps that (often) are standard requirements to get a cyber insurance:
All PCs must have antivirus software (up to date)
Company network must be protected by a firewall
Companies should back up business data, by using external media or a secure cloud service (this should be done regularly)
Users that want to have or gain access must follow a secure process
What can you do extra to lower your cyber insurance?
There are multiple steps you can take to lower your premium. We’ve listed 5 of the most common industry practices that you should definitely take a look at:
Organize regular cyber training for employees
Make sure stored data is limited and restrict network access
Have 24/7 monitoring of suspicious activity
Provide solid recover procedures
What is Multi factor authentication (mfa) and why do you need it?
What does Multi factor authentication mean?
Authentication means the process of verifying the identity of a user. With Multifactor authentication this process exists of at least 2 different authentication factors. We speak specifically of two factor authentication when there are only 2 factors, and even that is already better than just one factor.
One factor to authenticate can be something you know like a password or a pin. Sometimes the knowledge factor can also be a security question that you’ll need the answer to gain access.
You can authenticate with something you have, like for example your phone. By using authenticator applications on your device, you can then receive a one-time code, that only works during a restricted time. Or you can receive a SMS code with a security key that you then fill in.
This refers to something you ‘are’, more specifically biometric data. Sometimes fingerprints or face IDs are used to recognize the user’s identity.
Why do you need to implement MFA?
Multi factor authentication is seen as the extra layer to authentication that organizations need to avoid that compromised passwords can lead to a compromised network. If you adopt MFA as an extra security measure, you can protect your sensitive data, even if there are compromised credentials.
Often criminals of cyber threats try to gain broader access via individual users, and they have various strategies (phising, password spraying, credential stuffing, …) to get these passwords. If you use credentials with this extra security step like MFA, you’re making it more difficult for them.
To minimize the impact of cyber attacks on your IT infrastructure, insurers will inform you on this mfa insurance requirement for security when you’re reaching out to them.
How can you mitigate your organization’s remote access cybersecurity risks?
Awingu aggregates different applications, desktops and file servers and makes them available (with the possibility of single sign on) for your remote workforce in the browser via its ‘RDP-to-HTML5’ gateway. As Awingu runs completely in the browser, it’s possible to work on a Chromebook, iPad, mobile device, laptop, … any device really!
A variety of security features come bundled with our all-in-one solution:
Browser-based solution: All runs and stays in the browser. No direct connection with the end-user device, so no need to install extra antivirus software on the PC.
Secure authentication process: MFA is built-in, or you can integrate another commercial platform that you already have in place.
Context-awareness: It’s possible to define geo locations and/or IP addresses as safe zones per user (group) or feature.
No local data: There is no data stored locally on the device, ever.
Auditing: Access to various auditing capabilities like session recording, usage control, anomaly detection, …
If you want to know more about how Awingu can help you reduce cybersecurity risks during remote access, so that you can lower your cyber liability insurance, you can find more information about the security aspect of the product here.