By Raul Popa, CEO & Co-Founder, TypingDNA
Like other types of insurance, Cybersecurity Insurance protects businesses in case of a rainy day. But as breaches become commonplace, insurers are running for shelter — becoming pickier about who they’ll insure, and what premium they’ll charge based on perceived risk.
When it comes to cyber insurance, the name of the game is risk mitigation. Insurers reward companies that take steps to mitigate risk and reduce the likelihood of payout for damages. On the flip side, many insurance providers are increasing premium prices and turning away the most vulnerable prospects.
It’s similar to driving a car: if you wreck it once, your premium will jump. If you wreck it repeatedly and don’t take precautionary steps to mitigate risk, you’ll no longer be able to get insurance. In the long term, though, this approach is actually a good thing for all parties involved. Businesses will take steps to be more secure — resulting in fewer data breaches and sensitive customer data spills — while insurers will have fewer incidents to pay out.
Risk mitigation pays off, for everyone.
What To Do Before Negotiating Your Cyber Insurance Premium
When it comes to negotiating the cost of your cyber insurance premium, it comes down to a simple question of preventative measures. What steps did you take to mitigate the risk of cyber breach?
A robust security structure takes time. There are a myriad of things you can do in the long term, but your remote workforce is out there TODAY. Not to worry: below are immediate steps you can take to improve your security posture — ultimately putting you in a stronger position to negotiate your cybersecurity insurance premium.
Keep in mind, the actual cost savings from implementing the advice below will vary depending on your industry, company size, annual revenue, and the insurance carrier, among other factors. It will be important for you and your carrier to customize an insurance policy to your particular industry, business risks, and identified vulnerabilities. This is not one-size-fits-all advice. Yet, implementing cybersecurity best practices and remaining compliant with industry standards will lower your premiums with many carriers.
So what can you do to reduce the risk of a cybersecurity breach?
Perform A Risk Assessment
One of the first questions cybersecurity insurers ask is what data is at risk and what steps you’ve taken to safeguard these assets. Analyze what may be impacted by a cyber attack or data breach, and the potential fallout from damages. Consider the cyber criminal’s desire for:
- Customer data
- Financial data
- Employee data
- Proprietary company data and intellectual property
- Credentials and access
One of the key determining factors in the cost of your cyber insurance policy is the number of records you store, access, and transfer on a regular basis. One easy way to keep your insurance premium down is to tightly control the volume of records you deal with, and the access controls that protect that data.
Educate Your Workforce On Security Best Practices
The efforts of your cybersecurity team will go a long way, but they can only do so much. If your workforce is not well-educated on security protocol, or doesn’t take their security training seriously, the chances of a breach are significantly higher. Take the time for ongoing security training for every team member in your company. Continue to run compliance, security, phishing, social engineering, and privacy training to ensure your employees and contractors are all aware of how to keep sensitive data out of harm’s way. This is especially crucial for remote employees and the security issues that arise from insecure work-from-home environments.
Implement A Strong Password Security Policy
Weak Passwords = Big Trouble. If your employee leaves their computer at a cafe, you want to make sure it can’t be easily accessed with a predictable password. Many insurers will outright refuse to insure you if you don’t have a strong password policy in place. Everyone online today has heard of the dangers of identity theft, hacking, and cyber fraud, yet we consistently hear that the two most commonly used passwords are “123456” and “password.” At minimum, strong passwords are at least 8 characters long, do not contain words found in the dictionary, include a combination of lowercase and uppercase letters, numbers, and symbols, and are frequently updated.
Have A Strong 2FA
A phrase we hear often: “Attackers aren’t breaking in, they’re logging in.” Compromised credentials are the root cause of cyber breaches. And with 65% of people reusing the same password across multiple websites — including their company logins — it’s easy to see why cyber insurers are nervous. With so many employees now working either remotely or in a hybrid manner, it is not enough to focus on firewalls or enhanced passwords — today, robust MFA must be part of every login scenario.
Least Privilege Access Control
Not every team member needs access to every file. Give your workforce only the access they need to perform their particular job and complete their job-related tasks. No more, no less. One of the key determining factors in the cost of your cyber insurance policy is the number of records you access, store, and transfer on a regular basis. An easy way to keep your insurance premium down is to tightly control the volume of records you deal with. The other is limiting who actually has access to those records.
Continuous Endpoint Authentication On Every Device
Cyber insurers want to mitigate the risk of a data breach. But when employees work remotely, device sharing may actually be your company’s biggest threat. To reduce your premium, in addition to following the tips above, you’ll need to prove to your insurer that you’re taking precautionary steps to ensure that only authorized employees are accessing the company laptop, and the sensitive information that lives on it, at all times.
Companies from highly regulated industries such as healthcare, finance, legal, customer service, and human resources have to follow strict standards to safeguard customer and company data. Educate your workforce on the dangers of device sharing. Company devices should never be left unattended, especially in a public place like a coffee shop. But even in the comfort of their homes, employees must know that sharing their company laptop with an unauthorized user is never okay — even if it’s for something “innocent” like letting your kid watch Netflix on your device. One wrong click and you’re risking a phishing scam, accidental file deletion, or violating compliance regulations like HIPAA, PCI DSS, GDPR, and SOC2.
Unfortunately, relying on your employees alone is more of a “hope & pray” strategy. Security teams must implement continuous endpoint authentication solutions that constantly verify an employee’s identity in the background throughout the day without being a burden.
Want To Lower Your Cyber Insurance Premium? Mitigate Risk.
In a work-from-anywhere environment, company devices are more vulnerable than ever before. The biggest thing you can do to lower your cyber insurance premiums is to reduce your overall risk. While it takes time to build a truly robust security infrastructure, taking the steps we covered above, like education, a strong password policy, 2FA/MFA, least privilege, and most importantly protecting your devices with continuous endpoint authentication, will immediately improve your security posture — giving you more leverage to negotiate and reduce your cybersecurity premium.
About the Author
Raul Popa is the CEO, Co-Founder, and Data Scientist at TypingDNA — an award-winning cybersecurity startup that authenticates people by the way they type on computers and mobile devices. Typing biometrics technology is currently being used in our suite of Continuous Authentication and 2FA products. Raul and TypingDNA have won multiple awards and were featured in TechCrunch, Forbes, VentureBeat, TheNextWeb, ProductHunt, FinancialTimes, and other top publications. Raul was recognized in the Top 60 AI Influencers from Eastern Europe and was featured in the Top 100 New Europe list of influencers. As a tech innovator, Raul speaks about AI, Biometrics, Identity Access Management and entrepreneurship at global events such as TEDx, Applied Machine Learning Days, World Summit AI, International Biometrics Summit, Future of AI (at European Parliament), How To Web, TechFest, and many others. Connect with Raul on LinkedIn and Twitter, or at https://www.typingdna.com/