While we can’t tell you what your exact insurance needs are, what we can do is offer 5 ways to help you prepare for a breach and contribute towards bringing your cyber insurance premium down. We have looked at useful cyber security considerations and come up with some best practices for maintaining your cyber security hygiene.
In a world that is continuously impacted by COVID-19, 2021 became a year of adaptation as billions around the world learned to accept the status quo. Organisations continue to operate on a largely remote basis whilst dealing with an increased attack surface.
The result has been a sharp increase in attacks, with ransomware and supply chain attacks causing a significant impact. The cyber insurance sector, a field that covers a company’s liability for a data breach or cyber-attack, has faced an unprecedented volume of claims as a result, with many insurers seeing record costs stemming from such attacks.
The prerequisites and baseline entry requirements for those looking to renew or obtain cyber insurance coverage have dramatically increased in response to an unprecedented volume of claims for preventable cyber attacks. It is simply not a matter of if you are attacked but when. A staggering 46% of all UK businesses identified at least one breach or attack in the last 12 months, so now more than ever you should review your pre-breach and incident response strategies. Preparing for the attack before it strikes protects business continuity and reduces the level of monetary damage that could occur.
Do you have a Plan of Action and Policy to support it?
Incident Response Preparedness is designed to raise your organisation’s resilience in the event of a breach and minimise the impact of an attack. Incident Response Preparation is key; therefore, it is important to build the foundations of your incident response capability, processes, and resilience. This means assessing your capacity for managing an incident and putting the processes and training in place to manage incidents before they happen.
Does your organisation have dedicated roles defined in the form of a CSIRT (Cyber Security Incident Response Team) in case there is an incident?
Having the key roles identified, and their responsibilities defined, to tackle a major cyber crisis can be the difference between swift detection and containment and a breach becoming a significant issue. Moreover, are your executives aware of their role during an incident, and is there a defined RACI (Responsible, Accountable, Consulted, Informed) chart established?
Do you have Incident Response Runbooks with clearly defined attack use cases to guide you through an incident? Are they up to date?
The actions to take to Prevent, Detect, Contain, Eradicate and Recover from a Ransomware attack are different from those for a Distributed Denial of Service attack or Data Loss. Knowing the intricate nature of incident response actions, and when and how to act, is vital to reducing the likelihood of a massive loss of reputation and financial impact.
Have you got the right monitoring in place (MDR)?
Think about Crawl, Walk, Run… start with a strategic deployment and build this up over time. Without a focus on detecting new and unseen attacks, organisations are left exposed and vulnerable to large-scale breaches and the full spectrum of associated potential damage. Thus, regulators, organisations, and business stakeholders are seeking next generation solutions that provide clearer, less static, and more responsive and auditable protection. The best approach to proactive cyber security requires both technology that can identify potential attacks and skilled cyber security analysts who are armed and ready to investigate and mitigate these threats.
Have you provided sufficient training in the right places, such as First-Responder, Incident Response and basic digital forensics training?
Having a process is one thing, but ensuring that you have enabled your team to understand the actions they should take during an incident, the core tactics deployed by attackers, techniques for containment and eradication of the attack, and how best to prepare controls and monitoring to reduce the likelihood of the attack recurring is vital.
Summary:
In summary, we can learn from the many organisations that have suffered a major cyber crisis: there are those that have unfortunately suffered significant consequences, and those we rarely see in the press that continuously focus on preparation, refinement of controls, testing plans, and training against their very own worst-case scenarios.
There is the famous saying “fail to plan, plan to fail”. Whilst it is not as clear cut when it comes to cyber security incidents, having a robust, well-rehearsed plan, and monitoring of your critical assets, will go a long way in reducing the impact of an incident.
When it comes to cyber insurance, the requirements for obtaining it have certainly become stricter over the last 12-18 months, but can you blame the insurers? A perfect storm of major cyber-attacks and changes to how organisations work led to insurance providers re-evaluating the baseline requirements for entry/renewal.
As detailed in this article, having a robust set of Incident Response plans, runbooks, and monitoring in place will only work to your benefit: it reduces the likelihood of a security incident becoming a major crisis and could indeed have a positive outcome when it comes to those important insurance renewals.
Join our Cyber experts on the 23rd of February for our webinar on - How To Reduce Your Cyber Insurance Premium & Be Prepared For That Breach.