Cybersecurity failures are alarmingly common among small and medium businesses (SMBs), making them prime targets for cybercriminals. Many operate with minimal cybersecurity measures, often due to limited budgets, lack of expertise, or the naive mindset of “My company is so small, who would think to attack us?” However, these failures are precisely what cyber thieves hope for as they continue to bombard websites with attacks and inboxes with increasingly sophisticated phishing attempts. According to recent reports, ransomware attacks have surged 261% against websites this year in India alone, often leaving insurance companies to foot the bill for a policy they underwrote.
This forces the average person to ask: How can organisations that continuously calculate risk have been caught off-guard by a cybersecurity blind spot? The core reason is a widespread lack of adequate defences, such as multi-factor authentication (MFA), employee training on phishing, immutable back-ups, and endpoint detection and response. Further, the move of so many SMB clients to the cloud presents a dizzying array of new configurations and best practices that are likely beyond a small company’s skill set.
Insurance companies calculate the cyber risk profile
Insurance companies have recognized the growing risk posed by cyber threats and have responded by upping the minimum standard protection needed to qualify for a cyber policy. Insurers now demand robust cybersecurity measures, including authentication with multiple confirmation steps, such as sending a code to a trusted phone or email. They also require regular security scans, endpoint detection and response capabilities, and reliable, offline hard data backups.
The challenge is that insurance companies are not inherently equipped to assess and manage cybersecurity risks. Organisations that lack a trusted cybersecurity solution on their networks and endpoints are ill-protected and cannot generate the insights necessary for insurance companies to accept the policy risk. This outside-looking-in approach requires insurance teams to fill in the gaps and leaves too much room for uncertainty. It hinders the ability to respond quickly since the digital clean-up crew will first have to reconstruct what exactly the system was like before the breach. At the same time, the lack of adoption of a proper security stack leaves much room for insurance companies to change today’s security landscape.
An insurance and cybersecurity partnership
In the 20th century, building owners were reluctant to install costly sprinkler systems that extinguish contained fires before they spread to other areas. Having lost far too much on paying out claims for people who lacked proper protection, insurers stopped underwriting policies for buildings that lacked this critical safety measure. Sure, it was a fiscal move, but it protected countless residents from harm.
Insurers typically rely on third-party cybersecurity firms to contain the damage, recover compromised data, and evaluate the impact when a breach occurs. This reactive approach is costly and inefficient, leading insurance companies to bleed money to cover the extensive damages from cyber incidents. We are now at a breaking point where underwriters need to switch from an outside-looking-in approach to a more transparent inside-looking-out vantage point, where companies send over relevant insights.
The key to making this a reality lies in fostering a partnership between insurance companies and cybersecurity firms. By aligning efforts, these entities can create a robust ecosystem aimed at preventing cyber attacks while protecting sensitive data. Such a partnership can invigorate the approach to cybersecurity and insurance, ensuring that both sectors work towards a common goal of risk mitigation and data security. Healthcare companies are already employing the Fitbit for telemetry, along with other monitoring systems, to keep healthcare costs in line.
One security standard that is widely accepted by insurance companies is the Center for Internet Security’s Critical Security Controls (CIS18). These controls provide a comprehensive framework for securing a company’s networks and systems. By referencing the CIS18 as best practice, insurance companies can ensure that SMBs implement industry-standard cybersecurity measures. This alignment offers several benefits:
- Standardised Security Assessments: By reviewing an organisation’s data, insurers can assess where it stands and develop a timeline for strengthening the company’s security over the next 12 months, moving it in the right direction.
- Transparent Data Sharing: Insurance companies can gain access to detailed reports on SMBs’ cybersecurity postures, enabling more accurate risk assessments and tailored policy offerings. This can be done via data sharing. As a result, the insurer can accurately assess the risk level and determine appropriate coverage options while the business gains valuable insights into areas needing improvement.
- Enhanced Coverage and Discounts: Businesses that meet a heightened level of cybersecurity may be eligible for policy discounts and other benefits, such as higher limits, lower deductibles, or no co-insurance requirements.
- Resource Efficiency: With standardised security measures in place, the renewal process for cyber insurance policies can become more streamlined, reducing administrative burdens for both insurers and SMBs.
Instead of undergoing a lengthy renewal process based on forms and interviews, companies can automatically share data from their systems, which reduces the number of questions the insurers need to ask. This streamlined process reduces administrative burdens and allows insurers to quickly renew policies for businesses and improve their book of business.
A secure future with controlled ransomware threats
The integration of cybersecurity and insurance efforts represents a rare business win-win-win scenario. Insurance companies benefit from reduced claims and financial stability, SMBs gain better protection and access to comprehensive insurance coverage, and end-users enjoy enhanced data security. By embracing this collaborative model, the industry can pave the way for a more secure and resilient digital future.
The views expressed in this article belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.