While the early days of cyber insurance were often marked by rapid expansion and low losses, recent years have seen the industry weather a vast increase in not just the number of claims but also the severity. The growing prevalence of ransomware attacks is a big reason why—and the phenomenon shows no signs of slowing down.
Increased Ransomware Claims Have Led to Increased Underwriting Scrutiny
As expected, the rapid increase in claims has cyber insurance providers issuing new policies and renewals with higher premiums as the formerly underpriced market catches up to the current risk.
That said, premium increases are only one aspect of the story—underwriters are putting more scrutiny into due diligence when pricing premiums. In fact, it’s not uncommon for underwriters to deem an organization uninsurable if it demonstrates poor cyber security practices, as the risk of paying out a potential (and rather likely) ransom claim is seen as too expensive to undertake.
These are just a few of the reasons why cyber insurers are now requiring various supplemental applications in addition to base applications. As such, organizations would be wise to ensure they can demonstrate competency and commitment to certain cyber security best practices prior to the underwriting process. Below are six of the key security controls centered on ransomware protection that underwriters will look for when considering your cyber liability insurance policy.
1. Multifactor Authentication
Multifactor authentication (MFA) is a security feature that requires a user to present two or more separate proofs of identity to log in or access a server, which protects against intrusions via stolen credentials, phishing, and brute-force password attacks. Aside from the user’s standard login credentials (i.e., username and password), MFA requires the user also to be authenticated with methods that can include a code texted to their phone, security questions, a third-party app, or a separate encrypted key.
MFA is now ubiquitous for people using popular consumer apps, so it certainly needs to be deployed for your organization’s users as well. Underwriters want to see MFA deployed for all remote access to the network, all admin functions within the network, and enabled across any enterprise cloud applications.
2. Network Segregation and Network Segmentation
Network segregation is the practice of separating critical networks from the internet, while network segmentation occurs when larger networks are split into smaller segments.
Both precautions effectively mitigate the risk and potential impact of ransomware attacks by making it harder to reach crucial data and infrastructure. They can also aid in identifying future threats by boosting IT and security teams’ auditing and alerting capabilities, thanks to a more granular environment.
3. Comprehensive Data Backup Strategy
Enterprise data backup and recovery are essential components of a business continuity plan, and both are relevant to your organization’s resilience to ransomware attacks.
The frequency of data backups, the scope of the data, recovery point objective (RPO), and recovery time objective (RTO) will all be examined by an underwriter. The same goes with how your backups are stored—whether that’s in the cloud, on tape, or on on-premises hard drives at an external data center. The key is first to ensure the safety of your data backups so potential attackers can’t corrupt them. The next factor is to have a swift disaster recovery process in place that can quickly access backup data and restore it in the event of a breach such as a ransomware attack.
4. Endpoint Detection and Response and Anti-Malware
Endpoint detection and response (EDR) continually monitors and analyzes endpoints such as staff workstations to mitigate malicious cyber threats by identifying security breaches as they happen and determining how they are spreading.
Anti-malware is a version of EDR that can scan your systems and networks for threats such as ransomware and remove them if detected. With endpoints numbering in the thousands for some organizations, EDR is essential to ensure the integrity of your internal systems and networks.
Underwriters will also look to see if you’ve disabled administrative privileges on all endpoints. Even one unchecked administrative user on an endpoint can lead to disastrous data breaches if the endpoint is somehow compromised.
5. Sender Policy Framework
Sender Policy Framework (SPF) is an email authentication method that detects forged sender addresses during the delivery of an email. SPF can block emails from unauthorized senders before they hit an employee’s inbox, which can help prevent threats such as phishing attacks and elaborate ransomware schemes.
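To make the "detects forged sender addresses" step concrete, here is a minimal SPF evaluator added for illustration (not code from the original post or from Woodruff Sawyer). It assumes a constructed DNS table in place of real TXT lookups and supports only the ip4, include and all terms; the domains and addresses are documentation values, not real infrastructure.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: no network access).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the connecting sender_ip against the SPF record of domain.

    Returns one of pass / fail / softfail / neutral / none / permerror.
    Only ip4, include and all are handled here; a production evaluator also
    needs a, mx, exists, redirect, macros and DNS error handling.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10 per evaluation
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a term with no explicit qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]  # catch-all decides the rest
        mech, _, arg = term.partition(":")
        if mech == "ip4":
            # version mismatch (e.g. IPv6 sender) simply does not match
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "include":
            # include matches only if the referenced domain's policy passes
            if check_spf(arg, sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism not supported by this evaluator
    return "neutral"  # record exhausted without an "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "203.0.113.7"):
        print(ip, "->", check_spf("example.com", ip))
```

Whether a "fail" result actually stops the message is up to the receiving mail server's policy, which is why pairing SPF with DMARC is what turns the check into enforcement.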
6. Properly Configured Remote Desktop Protocol
Remote Desktop Protocol (RDP) enables remote employees to access office desktops and other computer resources when outside of the office. This capability experienced a vast increase in usage because of the COVID-19 pandemic, but it can also leave organizations at great risk of ransomware attacks if the configuration is not set properly—as seen by the corresponding uptick in attacks since spring 2020.
Organizations are encouraged to turn off RDP unless absolutely necessary. If RDP is needed at any point, the connection should be secured by a combination of a VPN and multifactor authentication.
Invest in Your Cyber Security Controls to Lower Insurance Rates
Ransomware attacks are not subsiding anytime soon, so don’t expect the increase in underwriter scrutiny to do so either. By investing more time and attention in your cyber security controls prior to your policy renewal or inception date, you can ensure a more favorable outcome with manageable rates and a preferable level of coverage.
The items above serve only as a starting point. For more insights into cyber coverage, be sure to check out these Woodruff Sawyer resources:
Woodruff Whiteboard Breakdowns: 6 Things Underwriters Look For in Ransomware Protection