Amidst an environment of ever-increasing digital threats, growing numbers of organisations are turning to cyber insurance as a means of protecting against the fallout from attacks.

These organisations are hoping insurance payouts will help defray the potentially high costs caused by disruption to business activity and hits to corporate reputation.

The motivation for this thinking is clear. According to research by the WatchGuard Threat Lab, there are more than 148,000 malware attacks launched around the world every day. Should an attack be successful, a victim company may need to dedicate a sizable portion of its resources to restoring critical systems and placating customers and suppliers.

Insurers demand greater protective measures 

As a result of this heightened interest in cyber insurance, the firms providing cover are introducing new requirements for their clients to invest in cyber defences. If any are found not to have adhered to guidelines, they could find their policies void. 

One of the most widespread requirements being demanded by insurance companies is that organisations seeking cyber cover put in place elements such as a system of multi-factor authentication (MFA), regular data backups, and thorough cyber incident response plans.

Larger firms may also be required to demonstrate they have a dedicated cybersecurity team in place or a contract agreement with an external partner that can provide cybersecurity services and remediation as and when required.

In some cases, insurers are also requiring their clients to undertake a zero-trust strategy designed to protect critical digital assets. Such a strategy limits access to resources to those parties who are able to prove their identity and that they have the relevant authority.

Many existing measures found wanting

The need for additional security measures by insurance companies stems from the fact that traditional security methods are often no longer sufficient in an era of rapidly evolving threats. For example, traditional combinations of user IDs and passwords can be readily compromised, allowing an attacker to readily access an organisation’s IT infrastructure.

Unfortunately, many people tend to reuse passwords across multiple systems or rely on simple word or number combinations that are easy to guess. For this reason, MFA is rapidly becoming a standard requirement as it effectively adds an additional protective layer to all digital interactions. It also helps to prevent attacks that occur as a result of nothing more than simple credential theft through a successful phishing campaign.

However, it’s important to understand that not all MFA options provide the same level of threat protection. For example, cybercriminals are becoming increasingly adept at circumventing some of the most used methods, such as one-time codes sent via SMS.

If cybercriminals manage to circumvent MFA or some other protective mechanism and gain access to an IT infrastructure, they are likely to attempt to take control to advance their planned attack. Once inside, they will attempt to move laterally within the network and obtain privileged credentials that will enable them to reach the victim company’s sensitive data.

These types of attacks, where cybercriminals scour IT infrastructures in search of valuable data and resources, are a fundamental feature of many ransomware attacks. In these instances, the attackers take advantage of security weaknesses and aim to steal or encrypt data and then demand a ransom payment for the decryption keys.

Combining MFA with endpoint security

To prevent such attacks, and ensure that cyber insurance requirements are being met, companies must opt for a security solution that’s able to deliver a combination of protection, detection, and response at an IT infrastructure’s endpoints.

To achieve this, the security team must make use of both an MFA platform and dedicated endpoint security and response tools. Using this combination boosts overall security in two critical ways:

• MFA provides the initial barrier:
  Once installed, MFA provides a highly effective initial barrier to cyberattacks. Attackers can no longer rely on simply obtaining login and password details as they will also require an additional means of identification to gain access. This is the reason that MFA is being seen as a non-negotiable requirement for cyber insurance companies before they will agree to offer cover to an organisation.
   
• Endpoint capabilities push security even further:
  The inclusion of endpoint detection and response (EDR) capabilities takes an organisation’s security protection to the next level. These tools can monitor activity on all endpoints connected to the corporate network and identify potentially malicious activity.
  
  Strong EDR tools can use artificial intelligence (AI) to classify all processes and applications on a network as either authorised software or malware. In this way, code can be prevented from executing if it is not verified as trustworthy.

By making use of a combination of MFA and EDR tools, an organisation can be confident it is well positioned to defend against attacks while also being capable of rapidly responding should one occur.

With the requirements of cyber insurance companies continuing to evolve, having such a strategy in place will become increasingly important to ensure that cover is in place and can provide financial support in the wake of a successful attack.