SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber resilience vital for securing cyber insurance
Wed, 10th Jan 2024

In the ever-evolving landscape of the digital era, cybersecurity threats pose a persistent challenge to businesses, catalysing marked surge in demand for cyber insurance policies. However, in a constant race against escalating security risks, enterprises find themselves amidst mounting pressure to not only ensure their digital safety but also to satisfy increasingly stringent security requisites set by cyber insurance companies.

As highlighted by Sean Tilley, the Senior Director of Sales of EMEA at 11:11 Systems, businesses thrive on technology for operational efficiency, concurrently grappling with the challenges and risks in the facet of cybersecurity. "As cyber threats continue to be a persistent concern for businesses, there has been a marked surge in demand for cyber insurance as companies recognise the importance of financial protection in the face of data breaches, ransomware attacks, and other cybersecurity incidents," Tilley stated.

Despite diligent measures to minimise risk, cyberattacks can inflict significant financial losses—a gap effectively bridged by cyber insurance policies, he pointed out. He explained that businesses transfer this risk to the insurer with the aim of mitigating financial repercussions as much as possible. Nonetheless, the escalating frequency of cyber incidents has prompted insurance companies to reassess the risk exposure in their portfolio, thereby adjusting policies to contain the scale of liability.

Tilley underscored the dynamic nature of threats, which necessitates an evolving landscape of cyber insurance, thereby spurring insurers to raise the bar on security requirements. However, he pointed out a crucial consideration that can help improve an enterprise's risk profile ahead of a potential attack: corporate cyber resilience. "Fundamental to this is cyber resilience within the broader framework of operational resilience. Operational resilience is the ability of an organisation to continue its critical functions and deliver services in the face of various disruptions," he mentioned.

The Senior Director of Sales of EMEA at 11:11 Systems elucidated on a few key pointers that underwriters use to evaluate the level of risk involved in insuring an organisation. These parameters range from the type of industry the business operates in to the efficiency of systems, tools, and processes used to combat cybersecurity threats. Moreover, the businesses are required to carry out specified security activities like penetration testing on a frequent basis—failing to which can nullify the policy.

A beneficial course of action to secure and sustain insurance coverage is by partnering with a Managed Service Provider (MSP). MSPs provide companies with expert advice, assist with risk analysis, security compliance, and incident response planning, helping them stay prepared for the digital age's challenges. Tilley stated, "Working together, companies are able to meet the stringent requirements of cyber insurance policies and enhance their overall cyber resilience, which in turn improves operational resilience."

Insurers tend to favour organisations associated with MSPs specialising in cybersecurity, elaborating further on the benefits of such partnerships, Tilley included proactive monitoring, data backup and recovery, incident response, security updates and patch management, employee training, and efficient documentation of security measures, incident response plans, and security audits.

In conclusion, Tilley emphasised the value of strong backup and recovery procedures, and how they bolster an organisation’s overall cybersecurity stance while also improving their eligibility for cyber insurance coverage. "Partnering with Managed Service Providers, like 11:11 Systems, can help alleviate the burden of managing cyber and operational resilience, ensuring that the organisation remains agile and resilient in the face of ever-evolving threats and, crucially, stay compliant with the terms of its cyber insurance policy," he concluded.