Policy Shift: The State of Cyber Insurance
The average cost of a compromise is now $9.4 million, according to IBM’s Cost of a Data Breach 2022 report.
Both the upfront costs and the associated impacts of a breach on reputation and productivity make cyber insurance an attractive option for organizations. Yet those same factors have caused carriers to raise policy premiums and tighten conditions for coverage. According to Fortune, the average price of cyber insurance in the United States rose 79 percent in the second quarter of 2022.
Two factors play a significant role in this increase. First is the growing number of cyberattacks on businesses of all sizes, meaning there’s a greater chance of insurance claims and potential payouts. Second, many companies are using outdated or ineffective security controls, making it easier for attackers to gain access. As a result, cyber insurance companies are now requiring organizations to complete checklists that ensure they have basic security tools in place before policies are issued.
The Solutions SMBs Need to Stay Protected
Cyber insurance carriers don’t want to pay out to policyholders that are reckless or irresponsible.
For small businesses, this often takes the form of failing to adopt appropriate security policies and not implementing modern tools capable of detecting or responding to emerging threats. This is especially worrisome given the increasing preference of attackers to breach small businesses using ransomware and then use their ill-gotten gains to target larger enterprises.
To obtain cyber insurance coverage, SMBs should have four solutions in place.
- Enterprise-grade email security: Insurance companies now ask small businesses to purchase and deploy enterprise-grade email security tools capable of automatically detecting and blocking common threats before they reach employee inboxes. These solutions often come with staff security awareness training options that can help reduce risk.
- Data loss protection: SMBs must have tools in place capable of pinpointing potential security issues and taking action to prevent data loss. Third-party services such as penetration testing, policy and access evaluations can help.
- Multi-factor authentication: Passwords remain a problem for organizations of all sizes. As a result, SMBs must deploy MFA tools that ask users to provide an additional identity factor for access, limiting the ability of attackers to brute-force their way into networks.
- Next-generation firewalls: Traditional, state-based firewalls can’t keep pace with new threats. Today, SMBs need next-generation solutions that help keep them ahead of attacker efforts.
Prepping for Policy Purchase
For many small businesses, it isn’t enough to know what they need to secure a cyber insurance policy. They also need help with assessment, implementation and ROI evaluation.
CDW’s Amplified™ Cybersecurity Services can help. From identifying current security gaps to pinpointing compliance challenges and automating routine security tasks, CDW experts work to bridge the gap between insurance expectations and current operations. And by applying a vendor-neutral approach, CDW helps SMBs conduct ROI assessments that let them find the best fit for their security needs.
Insurance is a critical but costly component of an overall cybersecurity plan. With expert assessment and assistance, however, small businesses are better equipped to balance policy, price and protection.