Cyber insurance underwriters are increasingly focusing on EDR and MFA solutions for cyber loss prevention and IT risk management, even as conventional user id/password security setups are no longer adequate to protect against evolving threats. Profitability and compliance standards will likely gain importance among insurance vendors in the years ahead. This article explains why.
Losses Surpassing Premiums Create Concerns for Cyber Insurance Underwriters
Recent years have witnessed an exponential increase in cyber threats such as spyware attacks and zero-day attacks. As many organizations continue with remote work setups, post the pandemic, the need for companies to invest in data security has gained immense importance. According to Aberdeen Strategy & Research, the number of cyber insurance policies has increased globally by around 90% between 2016 and 2020, with the overall value of insurance policies also increasing by more than 60%.
Furthermore, while the value of premiums has increased, there has also been a substantial increase in losses due to payouts, reducing the profitability of insurance underwriters. Aberdeen’s research further suggests that losses have surpassed premiums for 4 of the leading 20 insurance underwriters. Exponential increases in data breaches, ransomware variants, and malicious actors focusing on company supply chains make vendors wary in multiple sectors.
Cyber Insurance Growth 2016 – 2020
Source: Aberdeen Strategy & Research
As seen in the image above, this situation has resulted in higher insurance costs for companies and made it difficult for insurance buyers to acquire policies suitable to their requirements.
According to a 2022 IBM report, cyber attacks exploiting vulnerabilities have increased by more than 30% in the past two years. Organizations are more likely to be targeted by malicious actors than not. Consequently, cyber insurance vendors have become wary about the increased payouts to policyholder companies and have taken measures to minimize financial risks. As a result, the use of MFA and EDR in cyber security plans has become a standard requirement for cyber insurance.
See More: Thinking of Insurance Fraud as a “Cost of Doing Business” Needs to End
Standard Compliance Requirements for Cyber Insurance are Key
In recent years, organizations around the world have been dealing with significant cybersecurity risks, including supply chain issues, data breaches, spyware, and ransomware. As per Aberdeen’s latest research, more than 50% of small and large businesses suffered data breaches and unplanned downtime in the last year alone. This has been exacerbated by a relatively low level of compliance standards, especially among SMBs, as seen in the image below.
Cyber Risks Faced by SMBs
Source: Aberdeen Strategy & Research
As per the latest insights from Aberdeen Strategy & Research, compared to 2016, the correlation of premium amounts to coverage amounts has fallen approximately from 80% to 60%.
Cyber insurance vendors will typically conduct assessments of their clients per a preset minimum requirements standard. These can include zero-trust models, optimized patch management, strict access hierarchy management, and adequate backup solutions as per organizational requirements.
- Zero-trust models: This security approach needs all team members and third-party participants to undergo regular security checks before being given access to data and systems. It is especially beneficial due to the rising requirements of remote and hybrid networks.
- Patch management: Insurers also assess a business’s patch management practices. This helps them recognize organizational assets that are easy targets for malicious actors. Patches can include regular updates for security controls such as antivirus and firewalls.
- Access management: These are organizational rules and policies that companies can use to control and track users’ activities. It includes granting administrative privileges and managing access rights. Privileged access management (PAM) is not only necessary to comply with insurance requirements but will also help organizations be compliant with data privacy and security laws around the world. More recently, multi-factor authentication (MFA) and endpoint detection and response (EDR) have also been added to this list.
- Multi-factor authentication (MFA): MFA users must authenticate multiple credentials such as PINs, passwords, facial recognition, and fingerprint identification to access networks or systems. MFA can protect accounts from most types of cyber attacks. It is an excellent solution for email, admin, and remote access.
- Endpoint detection and response (EDR): EDR solutions monitor devices in real-time to detect and appropriately respond to cyber threats. It is aimed explicitly at isolating infected devices to minimize infiltration.
See More: The Future of Insurance: Claims Automation
Lesser Known Threats Against MFA and EDR Protections
As organizations move towards the adoption of MFA and EDR, cyber attackers have also started adapting to the change to bypass these protections. In November 2022, Microsoft warned about the threat to MFA users. Attacks used against MFA defenses include the following:
- Pass the Cookie: These attacks use browser cookies to access the resources of a target. Hackers accomplish this by breaking into a company device, stealing cookies, and passing them to other systems or browsers, circumventing MFA checks. This threat is becoming common with the increase in remote work setups.
- Adversary-in-the-middle: Attackers using this approach insert fake frameworks between applications and users, allowing them to steam user credentials and MFA tokens.
EDR by itself is not adequate to protect an organization’s resources. With numerous new malware popping up on a daily basis. Authentication through signatures is a time and resource-intensive task. The rapid growth of remote users, IoT, and cloud-based solutions has further boosted the number of endpoints to keep track of.
Security teams often receive thousands of EDR alerts each day, with a substantial number being false positives. This makes an adequate response difficult to carry out, potentially minimizing the effectiveness of endpoint detection and response solutions.
Insurance vendors are likely to keep an eye on these threats and adjust their offerings accordingly. It is crucial for organizations to include measures such as reducing session times and setting up phishing-resistant MFA measures in addition to automating the prevention of endpoint attacks. This will not only help them keep up with security requirements but will also help them gain better insurance policies suited to the company’s requirements.
See More: Why Are Small Businesses Suffering for Steep Cyber Insurance Premiums?
How Insurance Providers Bolster the Adoption of MFA and EDR
With these requirements gaining prevalence, policy vendors are pushing buyers to improve cyber security setups. For organizations to get better insurance policies, they will now have to reduce the risk to the underwriters.
Rise in MFA and EDR Adoption by SMBs
Source: Aberdeen Strategy & Research
Insurance providers are actively working towards applying controls, especially in terms of endpoint and weak password vulnerabilities, which can also help in disaster recovery. Endpoint detection and response systems have gradually started to replace conventional antivirus solutions. These solutions surpass basic signature-based solutions, with the ability to isolate or shut down infected devices, halt processes, and remove suspicious files.
As you can see in the image above, the adoption of MFA has grown strongly (65%) in response to the popularity of automated credential-stuffing cyber attacks. More than 70% of SMBs have adopted endpoint detection and response measures. While username-password authentication remains the most popular security measure (93%), EDR and MFA adoption is likely to incrementally replace passwords in years to come.
See More: Why Cyber Insurance Should Be a Part of Your Cybersecurity Strategy
Earlier, insurance renewal applications for cyber liabilities were fairly straightforward for both insurance vendors and buyers. The processes required minimal consumer information. However, with the evolution of cyber attacks, organizations must remain vigilant about changing trends from underwriters and adopt innovative security measures to keep their businesses running in a highly competitive environment.
Did this article help you understand the facets of cyber insurance for your organization? Share your thoughts with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!
MORE ON CYBERSECURITY