Most companies’ biggest concern today is not just cyber-attacks, but what the gaps they have in their processes and IT environment might mean for their cybersecurity insurance premiums.
“It’s gotten so expensive,” says Benjamin Simms, Vice President of Blue Technologies Smart Solutions. “For a midsized organization, cybersecurity insurance costs might have increased four times in a year.”
As insurers try to reduce their risk exposures, companies are still undergoing a digital transformation that may stand to broaden their attack surface. These businesses are grappling with a lot of newer technologies — a new content management system that they’re trying to integrate with their current ERP and CRM systems — while trying to do it in a way that doesn’t drive their premium costs even higher.
Smart Business spoke with Simms about mitigating insurance premiums by adhering to a solid cybersecurity framework.
What’s driving insurance increases?
As breaches multiply, some insurance companies are exiting the cyber insurance space. Those that stay in the game are adding more requirements on organizations that want coverage, raising the bar for compliance so that there are fewer exposures. Compliance could mean improving the technology stack, but it’s also helping organizations set policies and procedures that offer more security control over who can access what, when and how.
Insurance companies want to understand where the company’s cybersecurity stands today, where it needs to be, and the road map to get there. Business leaders are often leaning on managed security services providers (MSSP) to help them better understand what changes to make and how those decisions affect their objectives.
How do companies begin to address their cybersecurity environment?
When making significant changes to their technology, business leaders need to prioritize based on where they’re going to get the biggest return on their investment. A managed services provider (MSP) or MSSP can help them understand where investments are critical by running the programmatic and physical assessment of the current technology stack. But that’s only going to give leadership part of the story. To get the full picture, it’s important to talk with individual stakeholders to get better insight into where help is urgently needed.
With those areas identified, it becomes a matter of understanding the impact of one change over another, to determine where there is an economic justification to act. That gives leaders a numerical value of how to prioritize next steps.
The other aspects are safety and business continuity. Having vulnerable systems creates a cost, so it’s important to assess the company’s risk exposures to determine where weak points exist.
How does remote work factor into these decisions?
As companies continue adapting to remote and hybrid work situations, some are still having issues providing employees access to all the information they need to do their jobs. Companies need technology that allows them to view everything they need to make decisions. For many organizations, that means having information stored on a shared drive. Those might not be that secure, an issue that would likely be exposed in an assessment. Insurance companies want to see data that’s encrypted not only in transit, but at rest.
When a company’s exposure broadens because of remote work, insurance companies want the security hierarchy and schema to meet their compliance standards to mitigate risk. An MSP/MSSP can conduct an assessment to determine if a company’s technology stack is in the right shape to avoid higher insurance premiums. This process can also help securely provide employees with a way to work more seamlessly from home.
Companies can establish a relationship with an MSP/MSSP so that when technology updates need to happen to combat new threats, they can integrate that into a familiar system with minimal disruptions. Because of the expertise that these MSP/MSSPs have, they can also offer insight into what’s down the road, helping companies stay ahead of the curve, or at least ahead of the competition. ●
INSIGHTS Technology is brought to you by Blue Technologies, Inc.