In Part 2 of our Cyber Insurance 101 series, we explored ways that companies can defend against ransomware. In this article, we’ll take a look at five additional security measures companies should take in order to successfully obtain cyber insurance coverage.
Measure 1: Endpoint Detection and Response
Endpoint Detection and Response (EDR) is a type of endpoint security solution that monitors and collects data in real time from end-user devices in order to detect and examine potential cyber security breaches such as ransomware. Most organizations have hundreds to thousands of endpoints, which can include servers, desktops, laptops, mobile devices, IoT devices, etc.
Security expert Anton Chuvakin coined the term EDR to describe a new breed of security solutions that detect and defend against potentially harmful activities on an organization’s endpoints.
EDR solutions monitor activities occurring on endpoint devices and store information in a central database for review. When a threat is detected, the EDR typically sends out an alert to an organization’s defense team in order to prevent an attack. The defense team will then respond in a number of ways, such as isolating the compromised endpoint from the rest of the network, evaluating endpoint logs for a timeline of events, reviewing attack markers, and more.
Given EDR’s continuous monitoring, data gathering, and alert functions, such solutions are now seen as a critical cyber security component. Following suit, most cyber security insurance providers list EDR as a key component to successful coverage.
Measure 2: Protected Remote Desktop Protocol
The protection of remote desktop protocol (RDP) is another key security measure required by many cyber insurance coverage providers today. Originally developed by Microsoft, RDP is a type of secure network protocol that enables a desktop computer to be used remotely. A key feature of RDP is that it enables IT personnel to remotely access and diagnose problems on a remote user’s computer.
How RDP Works
RDP provides teams with remote access to their users’ devices through a dedicated remote network. An RDP application then packages the data from the user’s device and sends it across the remote network, where it is encrypted and then transferred to a host (such as IT) for decryption.
Why Protection is Needed
In the post-Covid remote work world, RDP has become immensely valuable in enabling IT teams to remotely run diagnostics and apply repairs to remote devices. The increase in remote work and dependency on RDP, however, has increased RDP’s vulnerability to attacks. According to some estimates, RDP exposure to hacker attacks has increased by 40% since Covid began.
As a result, many cyber insurance carriers now require proof that RDPs are either closed or protected in order to secure coverage. To provide that proof, companies can use third-party cybersecurity rating companies like BitSight, SecurityScorecard, and Kynd, each of which can complete a scored analysis to prove that an organization’s RDPs are protected.
Measure 3: Proper Data Management
Another key measure insurers look for is proof of proper data management. Cybercriminals primarily want access to sensitive data and build most of their hacks around retrieving that data. In order to defend against those attacks, companies need to know where their data lives, how it’s controlled, and who controls it within their team.
And all of this begins with proper data management. With proper data organization protocols in place, companies can significantly reduce their risk of attack and also gain more accurate forensic insights when breaches happen.
In order to prove proper data management to cyber insurance coverage carriers, companies should be able to adequately show that their data is:
Managed by authorized users (e.g. showing that sensitive employee personal data is only shared with appropriate personnel, such as HR)
Maintained across multiple servers in different locations
Protected by third-party security checks
Encrypted (in motion and at rest)
Monitored for access to ensure credentials are authorized
Measure 4: Regular Network Backups
Cyber insurers will also want to see proof of regular network backups before they provide coverage. Network backups are copies of a network’s data that can be used for archiving or restoring. Such backups are critical to business operations as they enable data protection and recovery in the event of a major system event, like a ransomware attack that encrypts all of an organization's data.
Insurers are particularly interested in seeing proof of such backups as they can help ensure an insured’s business operations can be maintained even in the event of ransomware or another cyber attack. Maintaining redundancy is crucial, and it’s important to note that separate backups can have varying degrees of readiness depending on the needs of the company and how much its IT budget can allow for. These levels are generally referred to as hot, warm, and cold sites, each with a different level of readiness.
Risk management is a familiar concept for most companies and provides a strategic approach for the proper handling of unexpected threats — such as weather events or human error. Following the rise of cyber threats, cybersecurity risk management has become another critical strategy that companies must implement in order to handle cyber attacks.
Like other risk management plans, cybersecurity risk management helps organizations prioritize threats both before and after an attack. To achieve this, the strategy should outline steps that help risk management leaders identify, analyze, and address threats as they happen. While having such a process in place won’t completely eliminate threats, it will significantly increase an organization’s ability to appropriately address and contain the threats and reduce the time needed to be fully operational again.
Stay tuned for part four of our Cyber Insurance 101 series, where we’ll look at why businesses need a breach response plan to successfully secure cyber insurance coverage.
About Andy O’Neill, Director of Cyber, Relay Platform
Andrew has had a successful career in the Cyber Liability industry that started with Colemont (now AmWINS) as Assistant Broker through the Broker in Training program with the Financial Services team. Andrew continued his professional development by becoming an Underwriter at the Travelers and later with the MGA Business Risk Partners, where he took control as the Lead Underwriter on the Cyber and Technology program with Liberty International Underwriters. Andrew later returned to the broker side with RT Specialty and continued to focus on Cyber Liability and Tech E&O. He currently serves as the Director of Cyber and Tech E&O at Relay Platform.
Andrew comes from a diverse background. In addition to his extensive background in Cyber Liability and Tech E&O, he also served in the U.S. Army where he was an Air Defense Team Chief and graduated from Airborne school.