Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.
With cybersecurity threats on the rise, companies are increasingly taking advantage of cybersecurity insurance. And while cyber insurance can be worth it, it’ll cost you. Last year, U.S. insurers earned $1B in cyber premiums. You can minimize your premiums by showing your insurance company you’re actively mitigating cyber risks, which is a win-win: lower your risk and secure a more cost-effective insurance plan.
Purchasing cyber insurance for the first time can be intimidating because every insurance vendor has unique offerings, but here are two best practices on how to approach cyber insurance to ensure it’s a good fit and cost-effective for your company:
- Do your homework. Determine what aspects of the cyber security framework are most important to your organization, what your organization/team will be responsible for, and what makes sense for your organization to outsource to a cyber security insurance provider.
- If you don’t ask, you’ll never receive. Ask your prospective cyber security insurance providers what discounts are available to lower your premiums. Many providers will offer discounts if you can prove you have proper threat prevention, data security and data protection in place to lower your risk of, and time to recover from, a breach or other cybersecurity attack. Here are a few to ask about:
  - Are discounts available if we are using specific trusted services for business applications?
  - Are discounts available if we meet standards related to data security and protection?
  - Are discounts available if we have third-party certification of our security processes and protocols?
If your cyber insurance vendors do offer incentives or discounts for companies who meet high data security and protection standards, they will likely focus on specific processes and controls. Here are five best practices that are most effective in reducing cyber risk:
- Build a risk-aware culture. Step one is accepting that every single employee is a risk due to actions such as opening a suspect email attachment, using an infected flash drive or failing to install a security patch on their laptop. Invest resources and time in educating your employees about cyber risks and the measures they can take to protect themselves and the company.
- Defend the workplace. Ensure all devices connected to a network - from a laptop to a printer to a smart TV - are up to date with the latest security software and patch updates, and that they follow all cyber security management and policy enforcement.
- Regularly back up all your data. Whether your data is on-premises or in the cloud, protect it with a backup and recovery solution to ensure timely restoration that meets or exceeds the expectations of your business. Today, companies are turning to cloud applications like G Suite, Salesforce and Office 365 in accelerating numbers, yet many are still unaware that SaaS providers are focused on ensuring they can recover data lost due to an issue on the service’s end. The providers are not in a position to recover data that was accidentally deleted via user error or maliciously deleted or locked via ransomware, hacking, malware, etc. Prevent data loss and downtime with automated SaaS data backup systems that deliver point-in-time restore.
- Security by design. One of the biggest vulnerabilities in information systems - and wastes of money - comes from implementing services first and adding security as an afterthought. Build security into your IT initiatives from the beginning and maintain regular tests to track conformance and compliance.
- Control network access. Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware. Ensure you have procedures in place to manage the access and permissions of your employees. If an employee leaves, you must have the control to revoke any access they have to company, client and vendor information.
Taking these proactive steps will not only lower your cyber insurance premiums, but also improve your company’s cyber security position. Protection against today’s cyber threats is a team effort, so make practicing good cyber health a priority for the entire company. While there’s no one way to achieve absolute security, there’s a lot you can do to safeguard against attacks, ensure timely identification, be ready to quickly recover, and ultimately keep the attacks from crippling your business if they do occur.
Spanning by Dell EMC is a leading provider of backup and recovery for SaaS applications, helping organizations protect their information in the cloud.