The
The FBI noted that ransomware crimes made up about 85% of all incidents in 2020, dubbed The Year of the Digital Pandemic, a trend that has ramped up in 2021 and shows no signs of slowing.
Many insurers are focused on ransomware risk protection even though other new vulnerabilities are emerging from remote work. The new class of crimes could result in claims damages that may amount to much more than a single ransomware situation.
Recent statistics point to a troubling increase in ransomware and phishing, web application attacks and other emerging cybercrime tactics.
The Biden Administration
A new approach to cybersecurity risk prevention
Companies can regain control over cybersecurity risks with robust management processes, outlined here in six main steps (and a seventh bonus step):
- Assess your risks
- Prioritize your risks
- Determine your risk profile
- Choose your risk strategies
- Execute your risk strategies
- Measure residual risk
- Repeat Steps 1-6 all over again since things are constantly changing
Managing cyber-risk follows the same basic process and principles as managing any other risk; however, the best risk management plans are only as strong as their weakest link. When it comes to cybersecurity, that weak link is often a business’ third-party vendor.
Hiring an expert or external consultant, purchasing password protection software, backing up your files, and enabling multi-factor authentication are some quick and easy ways to ‘lock the door’ to cybercriminals. But, as ransomware and other attack vectors become more lucrative and easier to initiate, companies of all sizes will need to implement additional, more layered security measures, especially if they’re working with third parties that are equally at risk.
Companies should start by taking inventory with a thorough gap assessment of personnel and capabilities and find a way to address any discrepancies with either an internal expert or an external consultant or both, depending on needs. Next, companies should prioritize which risks are worse than others and develop a continuity plan to manage them and recover if disaster strikes.
To cover losses when an incident inevitably occurs, companies should purchase or shore up their cybersecurity insurance policiesas well as requiring that their third-party partners (e.g., suppliers, vendors, contractors, franchisees, etc.) carry a certain amount of cybersecurity coverage to pay for damages and the cost to remediate them.
How insurance verification helps
It’s not enough just to carry cybersecurity coverage — companies need to make sure the policies are adequate and haven’t lapsed. This is where verification, and ongoing reverification, of third-party cybersecurity insurance, comes into play. This simple measure is one of the most effective ways for businesses to protect themselves and their customers from the financial risk of stolen data, ransomed files and more.
Additionally, many cyber insurers now verify a company’s cyber-risk controls as part of the underwriting process, so the act of verifying cybersecurity insurance can add a second layer of verification in one. This ensures that not only do third-party vendors have coverage but that they’ve prioritized cybersecurity protection and developed a comprehensive plan of defense.
If the Digital Pandemic has taught us anything, it’s that nobody and no business is immune from an attack. Companies need to be better about verifying their supply chains and ensuring that each vendor they're working with is sufficiently covered.
Data breaches are inevitable, but businesses can and should protect themselves and their customers from third-party risk by verifying that their partners’ cybersecurity and ransomware insurance policies are active and appropriately meet the company’s needs.
