LINEARSTACK
March 23, 2023

Requirements for Cybersecurity Insurance

CERT NZ: $3.9 million in direct financial loss was reported in Q2.

Cyber insurance policies cover losses from computer network intrusions (hacks), malware infections, data breaches, and other types of malicious activity. They usually include coverage for direct expenses related to an incident, including investigation, notification, and remediation.

Cyber insurance premiums vary depending on the strength of your cybersecurity measures, the types and amount of coverage included in your policy, and the size of your business (number of employees, annual revenue, etc.), which affects the size of an insurance claim in the event of an attack. 

The cyber insurance market is considered risky because of the increase in ransomware payments and other costly breaches. The lack of long-term data makes it difficult for providers to assess the risks they are taking on. With the increased demand for coverage alongside a steady rise in cyber incidents, the price of cyber insurance has been rising.

Key Elements of cyber insurance coverage

There are several critical elements of cyber insurance coverage that most businesses need. These essential coverages include:

  • Forensic Investigation Expenses
  • Legal Expenses including class-action lawsuits
  • Notification Expenses
  • Regulatory Fines and Penalties
  • Credit Monitoring and ID Theft Repair
  • Public Relations Expenses
  • Liability and Defence Costs

What to expect when applying for cyber insurance

Since the cyber insurance landscape is changing rapidly, it's essential to understand the latest requirements. Here are some things you can expect, along with steps you can take to maximise coverage and minimise costs.

Whether your organisation is considering cyber insurance for the first time or is up for a policy renewal, you'll have to complete a questionnaire about your existing cybersecurity tools and continuous monitoring programs, current adaptive controls, and processes. Your organisation's ultimate evaluation “score” helps the insurance broker quantify your level of risk and overall security posture. Having a proper, well-documented cybersecurity program helps keep your insurance premiums lower.

The importance of comprehensive risk assessments and penetration testing

With the rise of cyberattacks on firms’ databases, services, networks, and bank accounts, assessing a company’s cybersecurity before hackers do is crucial for every business. One security breach can cause the permanent loss of clients’ and stakeholders’ trust and, in some situations, can even lead to bankruptcy. One of the basic steps to protect your company’s data from unwanted eyes is to perform a penetration test.

Frequent risk assessments performed by third-party service providers also help prepare you for your cybersecurity insurance audit and renewal review. Due to the increase in claims from ever-increasing cybersecurity risks, insurance providers are spending more time on in-depth due diligence to validate the client's cyberattack prevention capabilities before issuing new policies. Insurance carriers look for well-maintained and updated security programs with proven cybersecurity incident capabilities and strategies.

What is required for cybersecurity insurance?

Most insurance carriers require organisations to ensure the secure deployment and upkeep of the following security capabilities and adaptive controls:

  • Do you use multifactor authentication (MFA) for your internal and customers' external-facing applications, such as VPN or remote access tools?
  • Do you secure the privileged credentials you use to access customer environments?
  • Do you monitor your domain accounts to access and administration
  • Accounts with access to sensitive on-premises resources
  • What endpoint protection and monitoring solutions do you use?
      o Anti-virus with heuristics capabilities
      o Behavior detection
  • 24/7 security monitoring - Do you currently monitor all security solutions in-house or with an MSSP?
  • Do you have an Incident Response (IR) retainer with a reputable firm experienced in performing incident response at scale?
  • Security governance and policies
  • Employee training - How often do you host security awareness training?
  • Incident response and awareness plans - Do you have a defined business continuity and disaster recovery strategy?
  • Secure VPN or zero trust access - Do you have zero trust deployed today with SASE?
  • Patch management - What is your patch solution?
  • Do you have a vulnerability management program, and, if so, how is it executed?
  • Email security - What vendor do you use for email security and message encryption?

  • Does your organisation perform regular system/file backups?
      o If yes, do they cover your organisation's critical data?
      o Are they stored offsite or on-premises?
          o On-premises: Are they connected to your network (e.g., NAS) or physically separated (e.g., USB, CD)?

Verification and validation before insurance coverage is issued

  • Most insurers now require proof that a data breach response plan
  • Over 45% of cyber insurance plans will not be renewed in 2022 because firms do not have proper security software, procedures, and processes.
  • Some insurance carriers require the companies they insure to have regular penetration testing and security audits by 3rd party firms with no association with personnel or the company.

Cyber insurers often refuse to pay policyholders who don’t demonstrate ‘reasonable care’ for their security risk program while failing to uphold their patch management policy.

Cyber insurance can help protect against some common cyber risks. Still, cyber threats are growing, so cyber-attacks targeting critical infrastructure could affect entire systems and result in financial loss and catastrophic damage.

Benefits of a Managed Security Services Provider - LinearStack

LinearStack brings operational efficiencies with its security experts to help protect your data, respond to a cybersecurity incident, and protect your intellectual property. Gaining peace of mind and lowering operational and infrastructure costs while maintaining a higher level of security are critical business drivers for hiring a managed security service provider.

Internal IT, SecOps, and DevOps teams can focus on net-new tasks and projects and less on operational upkeep. Managed services provide the skills, services, and reliability, so the core IT groups can focus on strategic business objectives. LinearStack can handle monitoring, security incident response, and system patching. Having an MSSP handle these operational tasks will be less expensive for the organisation.

Cyber essentials package for cybersecurity governance 

Who is this for?

This package is designed for small and medium enterprises to help with cybersecurity governance and to prove that their security adaptive controls, incidents, and processes are functioning correctly. Cybersecurity carriers will audit clients before renewal to validate that all security controls and other requirements are working. Leveraging an MSSP like LinearStack will meet these requirements.

Our package covers all stages of cyber defence, from gap assessment, remediation, and road mapping to 24 x 7 threat detection and response. This service helps support vulnerability management, protection of e-commerce environments, and continuous compliance mandates and regulatory requirements.

Services to support digital retail transformation

Our Technology and Architecture Implementation services are designed for organisations that need security frameworks tailored to their existing IT infrastructure and organisational goals to help secure the next-generation retail customer experience.

Industry expertise

We live and breathe cyber security, which means we use the best software, know how to set it up for the best results, and learn how to run a robust program. You get access to the latest industry innovations and intelligence and a team of experts, so your team can sleep at night.

Specialist teams ready to respond

Seconds matter with security breaches, malware infection, and ransomware attacks. Our dedicated threat response teams are ready and alert, quickly identifying threats, searching through log data, making decisions, collaborating, and remediating incidents.

Culture

Founded in 2013 with a strong focus on world-class cyber security services, LinearStack was built from the ground up in Auckland, New Zealand. Our passion for making information security simple and accessible for all organisations is the fuel that fires our engine.

We’re a growing team of certified Cyber Defence Analysts, Threat Hunters, Incident Responders, CTI specialists, Malware analysts, security architects, and engineers with two geo-redundant operations centers across the globe.

We’re 100% privately held, grown with a family mindset. When working with clients, we’re well integrated within their teams and act as an extension of their operations. Augmenting existing teams is a transition we manage smoothly, empowering our customers to prioritise cybersecurity strategy while we protect their business from cyber threats 24x7.

We believe maintaining thriving IT systems and assuring data protection are fundamental needs that all businesses deserve.

Contact Us

Want to know more about what we have to offer?  We'd love to hear from you

Get in touch with us today:

Phone: 0800 008 795

Email: info@linearstack.co.nz

Website: https://linearstack.co.nz   
