Wednesday 9 February 2022

While we can’t tell you what your exact insurance needs are, what we can do is offer five ways to help you be prepared for a breach and help bring your cyber insurance premium down. We have looked at useful cyber security considerations and come up with some best practices to maintain your cyber security hygiene.


In a world that continues to be shaped by COVID-19, 2021 became a year of adaptation as billions around the world learned to accept the new status quo. Organisations continue to operate on a largely remote basis whilst dealing with an increased attack surface.


The result has been a sharp increase in attacks, with ransomware and supply chain attacks causing significant impact. The cyber insurance sector, which covers a company’s liability for a data breach or cyber-attack, has faced an unprecedented volume of claims as a result, with many insurers recording record costs stemming from such attacks.


The prerequisites and baseline entry requirements for those looking to renew or obtain cyber insurance coverage have risen dramatically in response to an unprecedented volume of claims arising from preventable cyber attacks. It is simply not a matter of if you are attacked but when. A staggering 46% of all UK businesses identified at least one breach or attack in the last 12 months, so now more than ever you should review your pre-breach and incident response strategies. Preparing for the attack before it strikes protects business continuity and reduces the monetary damage that could occur.


Do you have a Plan of Action and a Policy to support it?

Incident Response Preparedness is designed to raise your organisation’s resilience in the event of a breach and to minimise the impact of an attack. Preparation is key; therefore, it is important to build the foundations of your incident response capability, processes, and resilience: assess your capacity for managing an incident, and set the processes and training in place to manage incidents before they happen.

Does your organisation have dedicated roles defined, in the form of a CSIRT (Cyber Security Incident Response Team), for when there is an incident?

Having the key roles identified, and their responsibilities defined, to tackle a major cyber crisis can be the difference between swift detection and containment and a breach becoming a significant issue. Moreover, are your executives aware of their role during an incident, and is there a defined RACI (Responsible, Accountable, Consulted, Informed) chart in place?


Do you have Incident Response Runbooks with clearly defined attack use cases to guide you through an incident? Are they up to date? 

The actions to take to Prevent, Detect, Contain, Eradicate and Recover from a ransomware attack differ from those for a Distributed Denial of Service attack or data loss. Knowing the intricate nature of incident response actions, and when and how to act, is vital to reducing the likelihood of a massive loss of reputation and financial impact.


Have you got the right monitoring in place (MDR)?

Think about Crawl, Walk, Run: start with a strategic deployment and build it up over time. Without a focus on detecting new and unseen attacks, organisations are left exposed and vulnerable to large-scale breaches and the full spectrum of associated potential damage. Thus, regulators, organisations, and business stakeholders are seeking next-generation solutions that provide clearer, less static, more responsive and auditable protection. The best approach to proactive cyber security requires both technology that can identify potential attacks and skilled cyber security analysts who are armed and ready to investigate and mitigate these threats.


Have you provided sufficient training in the right places, such as First Responder, Incident Response and basic digital forensics training?

Having a process is one thing, but it is vital to ensure that your team understands the actions they should take during an incident, the core tactics deployed by attackers, the techniques for containment and eradication of the attack, and how best to prepare controls and monitoring to reduce the likelihood of the attack recurring.



In summary, we can learn from the many organisations that have suffered a major cyber crisis. There are those that have unfortunately suffered significant consequences, and there are those we rarely see in the press, which continuously focus on preparation, refinement of controls, testing of plans, and training against their very own worst-case scenarios.


There is the famous saying “fail to plan, plan to fail”. Whilst it is not as clear-cut when it comes to cyber security incidents, having a robust, well-rehearsed plan and monitoring of your critical assets will go a long way towards reducing the impact of an incident.

When it comes to cyber insurance, the requirements for obtaining it have certainly become stricter over the last 12-18 months, but can you blame the insurers? A perfect storm of major cyber-attacks and changes to how organisations work led insurance providers to re-evaluate the baseline requirements for entry and renewal.


As detailed in this article, having a robust set of Incident Response plans, runbooks, and monitoring in place will only work to your benefit: it reduces the likelihood of a security incident becoming a major crisis, and it could indeed have a positive outcome when it comes to those important insurance renewals.

Join our cyber experts on the 23rd of February for our webinar: How To Reduce Your Cyber Insurance Premium & Be Prepared For That Breach.
