What is Cyber Insurance?

Cyber liability insurance, also known as cyber insurance, is a type of insurance that provides coverage for losses and damages resulting from cyber attacks, data breaches, and other types of cyber incidents.

What is the Scope of the Cyber Insurance Threat?

As the rate of ransomware attacks soars – up 71% in the past year and fueled by billions of stolen credentials available on the dark web – threat actors increasingly make use of lateral movement to successfully spread payloads across an entire environment at once. Major companies, including Apple, Accenture, Nvidia, Uber, Toyota, and Colonial Pipeline, have all been victims of recent high-profile attacks resulting from blind spots in identity protection. This is why underwriters have put stringent measures in place that companies must meet before being eligible for a policy.

What New Measures are Now in Place?

Skyrocketing claims in 2020 led insurance companies to drastically rework the criteria for acquiring or renewing cyber insurance. Today, companies face a completely changed landscape: organizations are required to demonstrate the ability to fend off ransomware attacks via a wide array of security controls. For example, underwriters now require specific identity security measures to be in place. These include the ability to enforce multifactor authentication (MFA) across internal and external admin access within the environment, and to monitor and protect all privileged accounts in order to prevent the lateral movement that threat actors use to spread ransomware through the targeted environment.

A challenge here is that there is no MFA solution that can protect the command-line access tools attackers utilize to launch this lateral movement. Furthermore, there is no built-in utility for the protection of highly privileged machine-to-machine connections (called service accounts) that attackers typically compromise.

Frequently Asked Questions

  • What does cyber liability insurance cover?

    Cyber liability insurance, also known as cyber insurance, is a type of insurance that provides coverage for losses and damages resulting from cyber attacks, data breaches, and other types of cyber incidents.

    Cyber liability insurance typically covers the following:

    1. Data breaches: Coverage for the costs of responding to and managing a data breach, including notification expenses, credit monitoring services, public relations, and legal fees.
    2. Business interruption: Coverage for losses resulting from downtime caused by a cyber incident, including lost income and additional expenses.
    3. Ransomware attacks: Coverage for the costs of responding to a ransomware attack, including payment of ransom demands, data recovery, and business interruption losses.
    4. Cyber extortion: Coverage for costs incurred in response to cyber extortion threats, such as ransom demands or website attacks.
    5. Liability: Coverage for third-party claims arising from a cyber incident, such as customer lawsuits or regulatory penalties.
    6. Cybercrime: Coverage for losses resulting from cybercrime, such as online fraud or theft of electronic funds.

    It is important to note that cyber liability insurance policies vary widely in terms of the types of coverage offered, the limits of liability, and the exclusions and conditions. Organizations should carefully review their insurance policies to ensure that they have the coverage they need to protect against potential cyber incidents.

  • What are the requirements for cyber insurance?

    New cyber insurance regulations require the extension of MFA to all users and resources included in the new cyber insurance checklist, including email, remote network access, and internal/external admin access.

  • Why have insurance brokers introduced new MFA requirements?

    Because the implementation of MFA for cyber insurance is a tested and proven solution for preventing the propagation of ransomware attacks.