
6 Things Underwriters Look for in Your Ransomware Protection

July 20, 2022


While the early days of cyber insurance were often marked by rapid expansion and low losses, recent years have seen the industry weather a vast increase in not just the number of claims but also the severity. The growing prevalence of ransomware attacks is a big reason why—and the phenomenon shows no signs of slowing down.


Increased Ransomware Claims Have Led to Increased Underwriting Scrutiny

As expected, the rapid increase in claims has cyber insurance providers issuing new policies and renewals with higher premiums as the formerly underpriced market catches up to the current risk.

That said, premium increases are only one aspect of the story—underwriters are putting more scrutiny into due diligence when pricing premiums. In fact, it’s not uncommon for underwriters to deem an organization uninsurable if it demonstrates poor cyber security practices, as the risk of paying out a potential (and rather likely) ransom claim is seen as too expensive to undertake.

These are just a few of the reasons why cyber insurers are now requiring various supplemental applications in addition to base applications. As such, organizations would be wise to ensure they can demonstrate competency and commitment to certain cyber security best practices prior to the underwriting process. Below are six of the key security controls centered on ransomware protection that underwriters will look for when considering your cyber liability insurance policy.

1. Multifactor Authentication

Multifactor authentication (MFA) is a security feature that requires a user to provide two separate forms of identification to log in or access a server, thus preventing intrusions via stolen credentials, phishing, and brute-force password attacks. Aside from the user’s standard login credentials (i.e., username and password), MFA also requires the user to be authenticated with methods that can include a code texted to their phone, security questions, a third-party app, or a separate encrypted key.

MFA is now ubiquitous for people using popular consumer apps, so it certainly needs to be deployed for your organization’s users as well. Underwriters want to see MFA deployed for all remote access to the network, all admin functions within the network, and enabled across any enterprise cloud applications.

2. Network Segregation and Network Segmentation

Network segregation is the practice of separating critical networks from the internet, while network segmentation occurs when larger networks are split into smaller segments.

Both precautions effectively mitigate the risk and potential impact of ransomware attacks by making it harder to reach crucial data and infrastructure. They can also aid in identifying future threats by boosting IT and security teams’ auditing and alerting capabilities, thanks to a more granular environment.

3. Comprehensive Data Backup Strategy

Enterprise data backup and recovery are essential components of a business continuity plan, and both are relevant to your organization’s resilience to ransomware attacks.

The frequency of data backups, the scope of the data, recovery point objective (RPO), and recovery time objective (RTO) will all be examined by an underwriter. The same goes for how your backups are stored—whether that’s in the cloud, on tape, or on on-premises hard drives at an external data center. The first priority is to ensure the safety of your data backups so potential attackers can’t corrupt them. The next is to have a swift disaster recovery process in place that can quickly access backup data and restore it in the event of a breach such as a ransomware attack.

4. Endpoint Detection and Response and Anti-Malware

Endpoint detection and response (EDR) continually monitors and analyzes endpoints such as staff workstations to mitigate malicious cyber threats by identifying security breaches as they happen and determining how they are spreading.

Anti-malware is a version of EDR that can scan your systems and networks for threats such as ransomware and remove them if detected. With endpoints numbering in the thousands for some organizations, EDR is essential to ensure the integrity of your internal systems and networks.

Underwriters will also look to see if you’ve disabled administrative privileges on all endpoints. Even one unchecked administrative user on an endpoint can lead to disastrous data breaches if the endpoint is somehow compromised.

5. Sender Policy Framework

Sender Policy Framework (SPF) is an email authentication method that detects forged sender addresses during the delivery of an email. SPF can block emails from unauthorized senders before they hit an employee’s inbox, which can help prevent threats such as phishing attacks and elaborate ransomware schemes.

6. Properly Configured Remote Desktop Protocol

Remote Desktop Protocol (RDP) enables remote employees to access office desktops and other computer resources when outside of the office. This capability experienced a vast increase in usage because of the COVID-19 pandemic, but it can also leave organizations at great risk of ransomware attacks if the configuration is not set properly—as seen by the corresponding uptick in attacks since spring 2020.

Organizations are encouraged to turn off RDP unless absolutely necessary. If RDP is needed at any point, the connection should be secured by a combination of a VPN and multifactor authentication.

Invest in Your Cyber Security Controls to Lower Insurance Rates

Ransomware attacks are not subsiding anytime soon, so don’t expect the increase in underwriter scrutiny to do so either. By investing more time and attention in your cyber security controls prior to your policy renewal or inception date, you can ensure a more favorable outcome with manageable rates and a preferable level of coverage.

The items above serve only as a starting point. For more insights into cyber coverage, be sure to check out these Woodruff Sawyer resources:

FEATURED VIDEO

Cyber Insurance: One Size Does Not Fit All

All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn
