The market for cybersecurity insurance coverage increased 61% in 2021 over the prior year, reaching $6.5 billion in premiums, according to the annual
Damage from ransomware and liability for
In the context of insurance,
Two years later, now, showing that you have EDR in place is necessary to get a competitive quote for cybersecurity insurance, Wager says. Aside from the insurance coverage aspect, just having EDR, though, is not enough to ensure complete protection, according to Wager and MOXFIVE.
"Do you have the switches configured correctly? Are you protecting the front door, with all the controls and switches in the tool? Are you also protecting the back door?" he asked. His firm's Insight report counsels that using a variety of data sources, including active network discovery scan results, is necessary to ensure all the systems in a company's technical environment are protected.
Ransomware attacks became more sophisticated in the past two years, often encrypting companies' back-up operations before engaging in a denial of service or other sabotage. In some cases, EDR, MFA and other security technologies such as Crowdstrike Falcon Prevent, Mandiant or Unit 42 were still insufficient.
"The industry's starting to get wiser and savvier, and we're trying to help them understand how to ask a better question based on what's actually happening," Wager says. "It's doing the work, but then taking a step back and trying to educate."
Cybersecurity insurance coverage has to address the aftermath of ransomware attacks, not only immediate disruptions. "There's huge business interruption losses. There's downtime having to restore all your systems, upgrade or put your hardware back in place if it's been damaged. We'll help a client through that entire process," says David Derigiotis, chief insurance officer at
Ideally, the subject of an attack wouldn't have to pay a ransom, because they have the correct back-ups and can easily restore systems without an interruption of service, he added, but if that isn't possible, Embroker tries to minimize the damage and business downtime.
In the case of Zurich Insurance Group, an insurer itself realized its vulnerability, with about 100,000 endpoints to defend. Zurich turned to Tanium, a cybersecurity and systems management company that provided IT tools and solutions for security and operations. "We've been able to leverage Tanium in unique ways that fulfill use cases that sit in between IT ops team and our cyber response team," said Paige Adams, global chief security officer at Zurich, in a statement. "This helps us resolve issues like internal misconfigurations, or to spin up a response effort to handle an IT severity incident."
Just as EDR has been created as a response to ransomware, so MFA security measures are intended to block compromised sign-in credentials, sometimes caused by social engineering intrusions. Having MFA in place is now usually a prerequisite for cybersecurity coverage, according to Wager of MOXFIVE. Along with MFA, companies must understand what accounts have access to their virtual private networks, added Jim Aldridge, vice president of partnerships at MOXFIVE. When hackers can't find vulnerabilities in networks, compromising an identity is their next means of doing damage, he says.
As
"The claims volume did go down and the severity of the claims did go down, meaning the insurance carriers found a way to be more profitable," he said. "One could argue they figured out how to underwrite this better."