Intelligent CISO Issue 46 | Page 39

FEATURE
system, organisations will have to tighten up their security posture.
During the underwriting process, insurers will be selective with risks and, as already stated, will be ready to walk away if anything is amiss.
Therefore, organisations seeking coverage will not only need to know the key controls for ransomware attacks from back to front, they will also need to be prepared to be fully transparent about their security stack and be able to justify the extent to which it mitigates risk.
This level of cyber maturity and leadership isn’t always readily available in many organisations.
As well as altering terms of coverage such as price and limits, insurance providers are also instituting demands on policies that require compliance with key security measures.
For instance, some carriers are including security controls such as Endpoint Detection and Response (EDR) systems and patching schedules and other requirements in order to satisfy themselves that their insurance model is sustainable.
Furthermore, research suggests that organisations that see a decline in ransomware attacks and payment claims through the prioritisation of prevention and recovery procedures will go a long way with cyber insurers towards securing coverage.
In turn, these companies can implement cyber insurance as another valid component of a robust security risk strategy, helping it become far more valuable to their business than a simple transfer of risk.
Security and insurance can’t be an either/or proposition
In the modern ransomware threat environment, two things are certain. Firstly, to qualify for cyber insurance or renewal, organisations’ technology stacks have got to meet certain high standards.
Secondly, organisations have got to transfer some of the risk of a ransomware attack and obtain insurance as a key part of their cyber risk and recovery strategy.
The problem is, many organisations are still viewing this as an either/or proposition, driving losses and – in a vicious cycle – contributing even further to the dramatic changes in how insurers are pricing risk at the moment.
As with any type of insurance, uncertainty leads inevitably to higher costs and fewer options. In order to protect themselves from the ever-evolving threat of ransomware, companies need to stop choosing between investing in a better security stack or getting insurance cover – they now need to do both.