• August 31, 2022
  • Catagory cybersecurity

Insurance not a substitute for good cybersecurity

By : Justin Folkerts

You don’t use auto insurance as an excuse to drive recklessly, so why would you cut corners on cybersecurity because you have ransomware insurance?

With ransomware attacks doubling in 2021 compared to the previous year – due in large part to the massive shift to remote work – the average cost of a data breach grew to record levels by more than 10% in 2021 as threat actors took advantage of a broader attack surface that resulted from a hybrid work environment.

Much of the costs of these breaches were covered by insurance, including ransom payments, but cybersecurity insurance providers are becoming more selective with their coverage as payouts have increased – qualification processes are more rigorous and the threshold for a payout is getting higher.

If you were depending on cybersecurity insurance without a data protection strategy, you need to seriously rethink how you implement security in your organization.

As ransomware attacks rise, so do premiums

For starters, the number of ransomware attacks is only going to get higher as more and more threat actors with a wide array of experience and expertise look to make money off data breaches – cybersecurity insurance is not going to be enough to save your business.

It’s not that you should cancel your insurance – you should be prepared to pay more – but you must also have people, processes, and technology in place to secure your business and sensitive customer data. Making an insurance claim should be a last resort – no matter how much you pay for it, it won’t bring your data back if you fall victim to a successful attack.

You really don’t want to be paying the ransom, even though many companies go that route – that only emboldens the bad guys to keep at it. Some insurance companies are no longer even covering ransomware payouts. If cybersecurity insurance premiums are going up and not covering what they used to, it’s time to implement better security practices – prevention is much more affordable in the long run.

Your MSP can help you up your security game

Cybersecurity awareness should be something that touches everyone in your organization, including the understanding that a data breach costs the business money – and your insurance provider expects you to raise your game to take a more proactive stance with security.

Even if you’ve put the effort into your cybersecurity, keeping it current and staying on top of all the threats can be daunting. With so many systems, endpoints and users, visibility is you biggest challenge, and understanding the threats, attack surfaces and vulnerabilities requires a great deal of time and resources, including skilled people.

That’s why you should turn to your managed service provider for guidance – they’ve got to contend with rising insurance premiums too and know that prevention is better than getting the cost of a ransomware attack covered. They already have visibility into your infrastructure and can help you put all the people, processes, and technology in place so you can qualify for cybersecurity insurance but hopefully never have to use it.