Cyber liability insurance, also known as cyber insurance, is a type of insurance that provides coverage for losses and damages resulting from cyber attacks, data breaches, and other types of cyber incidents.
As the rate of ransomware attacks soars – up 71% in the past year and fueled by billions of stolen credentials available on the dark web – threat actors increasingly make use of lateral movement to successfully spread payloads across an entire environment at once. Major companies, including Apple, Accenture, Nvidia, Uber, Toyota, and Colonial Pipeline, have all been victims of recent high-profile attacks resulting from blind spots in identity protection. This is why underwriters have put stringent measures in place that companies must meet before being eligible for a policy.
Skyrocketing claims in 2020 led insurance companies to drastically rework the criteria for acquiring or renewing cyber insurance. Today, companies face a completely changed landscape, with organizations required to demonstrate the ability to fend off ransomware attacks via a wide array of security controls. For example, underwriters now require specific identity security measures to be in place. These include the ability to enforce multifactor authentication (MFA) across internal and external admin access within the environment, and the ability to monitor and protect all privileged accounts to prevent the lateral movement that threat actors use to spread ransomware in the targeted environment.
A challenge here is that there is no MFA solution that can protect the command-line access tools attackers utilize to launch this lateral movement. Furthermore, there is no built-in utility for the protection of highly privileged machine-to-machine connections (called service accounts) that attackers typically compromise.
Cyber liability insurance typically covers the following:
It is important to note that cyber liability insurance policies vary widely in terms of the types of coverage offered, the limits of liability, and the exclusions and conditions. Organizations should carefully review their insurance policies to ensure that they have the coverage they need to protect against potential cyber incidents.
New cyber insurance regulations require the extension of MFA to all users and resources included in the new cyber insurance checklist, including email, remote network access, and internal/external admin access.
This is because the implementation of MFA for cyber insurance is a tested and proven solution for preventing the propagation of ransomware attacks.