The insurance market is now aware that cyber risk is difficult to manage and therefore difficult to insure. It is an intangible risk impacted not only by the growth in digital crime, but also by the extent to which clients are digitally resilient. At Eye Security, we believe that insurers hold the key to making businesses more resilient, provided that they go about this in the right way.
An article by Arjan Halma, Managing Director at Eye Security.
Despite the government's best efforts, it has proven difficult to impose adequate security measures on companies. After all, this requires a lot of knowledge, time and money, all resources that the average company might not have. If a company reaches out to an insurer in its search for a solution to manage cyber risk, it may have the door slammed in its face. Why? Inadequate security at the company means that the likelihood of a cyberattack occurring is too high to insure that risk.
Security checklist for insurance
The fact that many businesses and even entire sectors are proving uninsurable is a logical consequence of the exponential rise in cyberattacks and the extent of the damage they cause. Companies appear to be extremely vulnerable to cyberattacks, especially costly ransomware attacks. This is exactly why the role of insurers is so crucial. In recent years, insurers have developed requirements that companies must meet before they can take out insurance or renew their current insurance. This means that companies must first implement security measures before they can take out insurance, immediately making them more resilient to cyberattacks.
Don't wait until it's too late
When you insure against fire, you know that you can reduce the potential impact by installing a fire-resistant ceiling and sprinkler system. In the case of home insurance, making sure that you have good locks on your doors will reduce the chances of a break-in. When it comes to cybersecurity, measures such as these are only partially effective. IT departments often take preventative security measures, such as enforcing strong passwords or training employees to recognise fraudulent emails. Unfortunately, criminals often still find their way in, for example through vulnerabilities in outdated software. Insurers force companies to update certain software when renewing their insurance, but a check on outdated software that only happens after a company has been insured for a year comes too late. It is therefore essential for companies to focus not only on prevention, but also on measures that reduce the impact of a cyberattack.
How do you deal with risk assessment, if this is a requirement before taking out a policy? When it comes to cyber resilience, the traditional way of providing insurance does not work well enough. That is why, at Eye Security, we use real-time data to carry out risk assessments. We combine insurance with the right security measures. The responsibility for our clients' cybersecurity therefore rests with us, allowing us to take immediate action in case of incidents or vulnerabilities in outdated software. As a result, the cyber risk is directly manageable and therefore insurable.
Working together to fight cybercrime
Because we believe in the combination of security and insurance, we have developed our own cyber insurance and work extensively with insurers. We help insurers to reduce risk and impact, and our clients to secure their business. We are happy to help you insure your clients and make them cyber-resilient. Please feel free to contact us to discuss your options. In this way, you can also help to make cyber risk insurable again in the future and to make your clients immediately more resilient.