The Covid 19 pandemic and the sudden shift to remote work has redefined the cybersecurity threat landscape. The remote-work environment has given cybercriminals a larger attack surface to access a corporate network and its sensitive data. A recent survey by Proofpoint, a US-based cybersecurity firm, unveiled that 63% of Canadian-based companies have seen an increase in targeted cyber incidents since their employees started working remotely, meaning they are more susceptible than ever before!
The increasing awareness of cyber threats has forced companies to adopt more comprehensive cybersecurity insurance policies as a way of financially protecting themselves against the damages of a data breach or cyber attack. Despite the demand at an all-time high, cyber insurers have put on the brakes on cyber coverage, according to the U.S. Cyber Insurance Market Outlook report by Risk Placement Services (RPS). The severity and frequency of high-profile cyber attacks have created a situation where the insurance providers restructured their offerings with more exclusions in their policies’ terms and lower coverage limits, particularly in the most exposed industries to cyber attacks. In recent years, they have been battered by higher-than-anticipated losses.
Cybercrime is now a booming industry. Not only is it highly organized with large groups of people, it is also marketing and selling “solo hacker kits” for those bad guys that want to work from home. No one can fully predict what will happen, as no one could have imagined the current magnitude of the threat of cybercrime. As a result, cyber insurance providers are becoming increasingly discerning when it comes to the scope and limits of coverage.
The Minimum Requirement For Coverage
From the insurers’ perspective, having a proper security plan in place is an expectation rather than a privilege. In order to qualify for cyber coverage, organizations must have an adequate level of security and comprehensive transparency on their risk information.
One of the most talked-about requirements is multi-factor authentication (MFA). For insurers, MFA translates to less risk and many Canadian cyber insurance companies will not even consider offering coverage to a business if they have not deployed MFA for all their employees. Cybercrime and data breach response plans, SIEM, local and offsite backups, as well as OS patching and software updates are other components that insurers are looking for businesses to put into place. These services are considered the basic requirements for any security plan that every company needs in place.
Relying solely on insurance is not a great plan as many insurance policies have exclusions for certain types of incidents, such as those arising from employee negligence. Additionally, even if a policy does cover a particular incident, the payout may not be enough to fully cover the cost of recovery as the recovery from an event can take a very long time. Instead, companies should take a proactive and comprehensive approach that includes both insurance and other measures such as a robust security plan that includes employee training.
In order to make sure you remain prepared in a world of uncertainty with the right coverage in place for your business needs, contact us. ActiveCo Technology Management will work with you to identify the type of coverage you need. No more, No less. Call us today!