Cyber-Insurance: New Class of Policies Requires a Strategic Rethink


As more people work remotely due to the COVID-19 pandemic, the number and sophistication of cyberattacks on businesses and organizations of all types continue to increase. When remote employees access enterprise networks via compromised endpoints, such as personal computers and smartphones, the resulting breaches permeate the enterprise and cause significant harm.

With the cost of a data breach in 2020 averaging $3.86M, businesses seek effective solutions to protect themselves from financial and reputational damage. This has created an opportunity for insurance providers to create a new class of insurance products. Unfortunately, it may also have the unintended effect of further incentivizing cybercriminals to develop more sophisticated malware, as an insured company may be more likely to pay a ransom.

Cyber insurance is a relatively new concept for both insurers and their clients. Unlike health or home insurance, there isn’t an established formula or comprehensive threat and risk analysis that insurers can use to measure and value the protection they’re offering. While cyber-insured companies may partially recoup the immediate financial damage should a breach occur, the reputational damage is much longer-lasting. From the insurer’s perspective, reducing the cost of claims makes it critical to offer cyber-focused policies backed by a robust security product during the qualification phase of prospective clients.

Rethinking Insurance

Insurers need to establish strict requirements that ensure their clients are adequately protected against the risk of a breach. For starters, they should eliminate the possibility of a legacy policy stagnating as time goes on. As needs and vulnerabilities change with time, it’s important for both insurers and their clients to revisit policies at least once every year to ensure that the most recent potential exposures are covered and that coverage meets the nature and size of the most pressing threats.

Perhaps most importantly, providers should recommend, or even require, that their clients implement a prescribed solution for both endpoint and network cybersecurity. Cybersecurity products that rely on detecting a signature or threat pattern alone will fail in workstation and server settings when targeted by well-crafted zero-day malware. Similarly, software-defined networking (SDN) solutions often do not work with legacy devices, especially in Industrial Internet of Things (IIoT) environments, resulting in gaps in security.

Without solutions in place that can specifically prevent zero-day and targeted malware attacks, businesses are at tremendous risk of experiencing a breach. For the insurer, it means a greater total number of claims, costly payouts, and a higher premium for their clients. This is a loss for all parties.

Blue Ridge Networks is uniquely suited to assist both insurers and their customers as they seek comprehensive cyber coverage by providing cybersecurity solutions that significantly improve their overall security infrastructure. Both LinkGuard and AppGuard are zero-trust solutions that enhance security by emphasizing prevention, rather than detection alone. Furthermore, both LinkGuard and AppGuard are compatible with other endpoint and network cybersecurity solutions available in the marketplace, and if necessary may be deployed in conjunction with these solutions to achieve a cyber-stack that provides defense in depth.

Taking these critical steps when creating and issuing cybersecurity insurance policies will reduce the number of compromised customers, or prevent compromises entirely, ensuring lower risk for both parties.
