Cyber Insurance Isn't Cyber Security

Auto insurance doesn’t prevent collisions, and cyber insurance doesn’t prevent cyber-attacks. However, what you do in order to buy cyber insurance will.

Increasingly, you only can buy cyber insurance when you prove that you have implemented comprehensive strategies to reduce your risk and mitigate the cost of cyber-attacks. In fact, it is more valuable to implement those cyber security strategies than to have the insurance policy.

The cyber risk landscape is ever more complex ,sophisticated and potentially costly. Those trends drive policy costs higher and coverage lower. You must do more than ever to protect your organization from attacks and losses and to increase resiliency.

Experts currently recommend – and insurers increasingly expect – that you implement a cyber security policy of ‘never trust, always verify’, which requires a Zero Trust Architecture (ZTA). Typically, ZTA integrates various strategies that will do more than merely prevent bad actors from penetrating your system perimeter.

• Multi-Factor Authentication (MFA) – Avoids attacks with compromised credentials by using push notification, one-time password or biometrics
• Firewall – Reduces risk of penetrating your system perimeter and data
• Role-Based Access (RBA) or Privileged Access Management (PAM) – Grant access only to specific files, systems or data based on users’ needs ‍
• Antivirus program – Prevents, detects, and removes software viruses
• ‍Secure provisioning – Consistent security processes used when adding, modifying or deleting users ‍
• Regular data backups – Reduces impacts, cost and duration of attacks‍
• Timely software updates – Reduces opportunities to exploit weaknesses

First implement, maintain and periodically review sound and comprehensive cyber security strategies. Then consider cyber insurance.