The cyber threat landscape in Australia continues to be a challenge for businesses, with more frequent and serious ransomware attacks and data security breaches. The rise in remote work arrangements over the last two years has created the perfect environment for cybercriminals to exploit vulnerabilities and attack organisations in every industry.
The Australian Cyber Security Centre regularly warns organisations about protecting themselves from the ever-increasing risks of cyber threats, and as a result, many companies are choosing to take up cyber insurance as a means to reduce their risk. However, due to the increased number of claims occurring over the last few years, the cyber insurance market has rapidly evolved, with insurance companies increasing premiums and requiring additional information for underwriting.
Businesses that take a proactive approach to cybersecurity, deploying ongoing risk assessment and management while investing in robust cybersecurity protocols and measures, will be best placed to reduce their cyber insurance premiums while maintaining the most appropriate coverage.
Why are cyber insurance premiums rising?
Since the beginning of the COVID-19 pandemic, there has been a significant uptick in the frequency and severity of cybercrime. As businesses and employees were forced to shift to remote work, more people were online and vulnerable to ransomware and phishing attacks. Small businesses without the same protection as larger corporations are particularly vulnerable and can ill-afford the average cost of a data breach of AU$3.35 million.
As a result of increased cyber-attacks, insurers have seen higher cyber insurance claim rates, with unsustainable financial returns. The heightened risk for policyholders has forced insurance providers to evaluate their business models and be more careful about who they insure, which has in turn pushed insurance premiums upwards. In the first half of 2021, cyber insurance premiums in Australia increased by 80%, with claim numbers also increasing by 50%.
It has never been more vital for you to protect your business to prevent financial loss and business interruption. Preventive measures are the best approach to cybersecurity: investing in risk management and robust cybersecurity tools can in turn lower the price of your cyber insurance premium.
Ways to reduce your cyber insurance premium
To keep your business data secure and to reduce your cyber insurance premiums, ensure the following security practices and solutions are in place:
- Multi-factor authentication: The majority of Microsoft enterprise accounts that are hacked do not have multi-factor authentication (MFA) activated. Using MFA on applications immediately increases account security by requiring multiple methods of verification to confirm your identity upon login. Start with email, and then apply MFA wherever it is available.
- Data backup and recovery: Having a full data backup can make the difference between completely losing all data and completely recovering business operations after a ransomware attack. A custom data backup and recovery strategy should be developed for the business.
- Secure remote access: With remote and hybrid work models so intrinsically a part of business today, employees are no longer confined to controlled working environments. Instead, they often have remote access to company resources, which increases the risk of data breaches. Ensure secure remote access protocols and security practices are upheld.
- Regularly patch/update: Ensure all software and applications are regularly updated, and patched immediately if required, to prevent cybercriminals from exploiting vulnerabilities to access your network or systems.
- Password manager: Keeping track of multiple passwords can be a challenge and leads to the same password being reused across multiple applications. Password managers are encrypted vaults to store passwords and can only be accessed through one master password. A significant 90% of passwords are vulnerable to being hacked and 80% of data breaches are due to poor password security. Ensure strong passwords are used, such as those generated through a password manager, rather than reusing the same password or choosing easy-to-guess passwords.
- Ongoing risk assessment and management: Cyber insurance companies need to see your business undertake ongoing risk analysis and management, as the cyber threat landscape is constantly changing and what is safe today may not be tomorrow.
- Data encryption: An encrypted file is one in which the data is scrambled, making it impossible for anyone other than the intended recipient to access it. If your organisation suffers a data breach as a result of a lost device and your data is not encrypted, you may face severe fines and penalties.
- Cybersecurity awareness training: Human error accounts for 60% of claims. A culture of cyber risk awareness that holds everyone accountable can help avoid this.
- Complying with security frameworks: Some insurance providers offer discounts or lowered premiums if your company has adopted a well-known security framework such as the Essential Eight or internationally recognised standards like the ISO series. These frameworks typically cover fundamental security measures and therefore signify that you are adhering to excellent security methods and meeting sufficient standards.
- Oversight by a managed IT services provider: Cyber-attacks can happen at any time and it can be helpful to have the dedicated services of a security provider to monitor your IT infrastructure and take immediate action if a threat is detected.
Reduce your business cyber insurance risk profile with security experts
Organisations can significantly reduce the risk of serious business and financial consequences from a successful cyber-attack by leveraging the expertise of managed security services, while demonstrating to their cyber insurance provider that their overall security posture is hardened to withstand cyber-attacks. INTELLIWORX are security specialists who can offer bespoke solutions to suit enterprises, from 24/7/365 monitoring to remote protection and customised security hardware. Safeguard your data and systems and reduce your risk profile with the managed security experts at INTELLIWORX.