While ransomware showed signs of decline in 2022, according to Delinea’s latest State of Ransomware Report, its devastating consequences mean there is no respite in the requirement for cyber insurance.
The report found that only 25% of surveyed organisations were victims of ransomware attacks in 2022. This is a stunning decline from the previous 12-month period when 64% of respondents reported being victims.
But the consequences of ransomware attacks are now more tangible, with more respondents reporting lost revenue (56%) and customers (50%) in 2022 compared to the previous year.
The bottom line is most organisations still need cover. Another Delinea report reveals that around 70% of surveyed organisations have applied for cyber insurance. Nearly 80% of organisations with cyber insurance have had to use it, and more than half of those used it multiple times.
But getting cyber insurance is not a one-size-fits-all exercise. Insurance companies assess each organisation on an individual basis. They want to understand the risks and potential damages, and how well protected the organisation is from cyber attacks.
With the price of cyber insurance rising even faster than inflation – and the risk that some organisations will find it difficult to get insurance for a price they can afford – prospective policy seekers need to be prepared.
1. Identify risks and educate employees
Insurers want clients to understand their risks and have established risk management processes, potentially including a cybersecurity risk assessment. Identifying vulnerabilities also helps gauge any company’s cyber risk tolerance.
Insurers also want to see regular cybersecurity training beyond simple online tests or signoffs on security policies. Make cybersecurity awareness training part of the corporate culture and include it any time company-wide or departmental training is conducted.
2. Track assets and privileged accounts
Organisations should have an inventory of all devices, software and privileged accounts that attackers can target, including those used by remote workers. Identify all threat vectors and determine the value and scope of the assets to insure.
Discovery tools for Active Directory accounts and passwords, service accounts, and local accounts and applications make this much easier.
3. Automate passwords and use MFA
Using manual spreadsheets for password management is a red flag to insurers. Implement a privileged password management solution such as a password vault to track credentials and generate and rotate complex passwords, so people don’t have to type or remember them. Use automation to apply policies consistently and avoid human error.
Multi-Factor Authentication (MFA) adds another layer of security. Show insurers the right steps have been taken to counter credential-based cyber attacks by using MFA both at login and at privilege elevation.
4. Implement PAM and defence-in-depth
Hackers often conceal their activities under the guise of a legitimate administrative user. A comprehensive PAM solution helps control access to systems and data, and comply with regulations. Look for software that can automate the identification and analysis of risk to privileged accounts, along with vaulting, continuous monitoring and session recording.
Demonstrate that additional measures are taken to protect from malware attacks by implementing defence-in-depth. This includes implementing and enforcing least privilege access, restricting or removing local admin rights, and layering in threat intelligence and endpoint protection solutions.
5. Back up accounts and use endpoint security
When disaster strikes, it’s critical to recover quickly. Make sure all secrets (passwords and other credentials) aren’t tied to a single location and can be moved to a safe space. A successful password management or PAM solution should have infrastructure redundancy for break-glass access.
An endpoint security tool also makes identifying and responding to attacks easier. Choose a solution with comprehensive monitoring, alerting and reporting capabilities for privileged behaviour on workstations and servers. IT security teams should be able to identify unexpected behaviour and conduct forensic analysis if a breach occurs.
6. Monitor credential usage
Keep an eye on employees’ credential usage: 82% of data breaches involve the human element, including social attacks, errors and misuse, according to Verizon’s 2022 Data Breach Investigations Report.
Leverage a PAM solution that can monitor remote sessions, extend remote monitoring to cloud sessions, and uses Privileged Behaviour Analytics to look at what digital identities access to detect anomalies and stop attacks.
7. Create an incident response plan
An incident response plan can stop a cyber breach becoming a catastrophe. It helps IT operations, security, and incident response teams to form a united front against an attack, coordinate a rapid response, and maintain business continuity.
Use a customisable template to create an incident response plan. Include a checklist of roles and responsibilities and actionable steps to measure the extent of a cybersecurity incident and contain it before it damages critical systems. Conduct incident simulations to identify areas for improvement and demonstrate that response readiness is more than theoretical.
While not a replacement for a solid, up-to-date cyber security program, organisations should strongly consider cyber insurance to cover against the increasing consequences of ransomware and other attacks. The better prepared an organisation is, the easier it will be to get, and the less it will cost.