Getting the right protection from a cyber insurance policy

Getting the right protection from a cyber insurance policy

Nick Turnbull, Senior Vice President Asia Pacific and Japan, BeyondTrust, says cyber insurance can never be a ‘set-and-forget’ undertaking.

Nick Turnbull, Senior Vice President Asia Pacific and Japan, BeyondTrust

As the number and sophistication of cyberattacks continues to grow, increasing numbers of organisations are evaluating how much protection they can get from cyber insurance.

Policies vary in both cost and coverage and, for this reason, it’s important that careful evaluation is carried out before purchase.

Failing to do this could result in claims being declined or compensation withheld.

Cyber insurance is designed to help an organisation recover from a cyberattack.

Some policies also offer coverage for financial losses that result from an attack – ranging from lost productivity to the cost s associated with relevant investigations and lawsuits.

Organisations should also consider the benefits of having a policy that specifically covers data breaches. This will help cover the potentially high cost of responding to an incident in which personal or highly confidential data is leaked.

An organisation needs to have a clear understanding of what is covered by (and excluded from) a particular policy. Comparing policies from different insurers can be challenging as they will often use different clauses and terminology. Careful review and comparison is critical.

As well as securing an appropriate policy for cover, organisations must also take all steps possible to reduce the chances of a successful attack occurring -with significant attention to managing admin rights.

A policy of ‘least privilege’ access should be adopted to ensure that access to particular resources is restricted to only those who really need it for only as long as they need it.

The number of users with admin rights should also be as restricted as possible.

The IT team should also work to improve credential and session management through the introduction of multi-factor authentication.

Prospective insurers will also want to be confident that any organisation seeking a policy has in place the best possible suite of protective measures to reduce the risk of cyberattack.

Being able to confirm that there is a robust data backup system in place will also be critical. As well as helping an organisation recover from an attack, it can reduce the time taken and the costs incurred.

A key factor to remember when considering and evaluating cyber insurance is a market in a constant state of flux.

On one side cybercriminals are constantly evolving their attack techniques and making use of new vectors. On the other side, insurers are continually refining their policies to ensure they give appropriate levels of protection as conditions change.

For this reason, cyber insurance can never be a set-and-forget undertaking.

Organisations must also regularly review their coverage to ensure it is appropriate. Sticking with the same policy for multiple years is very unlikely.

However, by taking time to understand the potential threats and securing appropriate coverage, organisations can be best placed to withstand threats and recover quickly should a successful attack occur.

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive