Basic measures no longer enough to protect organisations against cybercrime

Senior cyber insurance underwriter identifies essentials to thwart threats

By Roxanne Libatique

Agile Underwriting Services (Agile), a multi-class insurtech and Lloyd's coverholder that offers cyber insurance policies, has warned that basic cybersecurity measures are no longer enough to protect organisations against cybercrime.

James Crowther, the head of cyber and emerging risks at Agile, emphasised that ransomware is now sophisticated enough to bypass minimal security, making advanced protection crucial.

“Diligent, iterative risk management is the key means by which organisations, large and small, can keep the threat at bay,” Crowther said.

In a new Agile white paper outlining the risks and identifying solutions, Crowther advised organisations to implement four key measures:

  • Continuous cyber awareness training for employees;
  • Multi-factor authentication, which Crowther identified as one of the most effective ways to protect against unauthorised access to information and accounts;
  • Sophisticated data back-up procedures; and
  • Advanced endpoint protection.

“Cybercrime is big business. And it's not just big business that's at risk. Hackers, spammers, bots, and malware – including ransomware – are a threat to the integrity, availability, and confidentiality of all digital information,” Crowther said.

Agile released the white paper to increase brokers' knowledge of the risks, identify solutions, and help brokers outline the issues to their clients.

Crowther revealed that the pandemic, particularly the continuing trend towards offsite workforces, has prompted increased due diligence for underwriting cyber risks.

“You can never protect against everything, but the more secure you are, the better your chances of recovery if disaster strikes,” he said, noting a well-established market for security training and the possibility that underwriters will soon make resilience training mandatory for obtaining cyber risk insurance policies.

“It might be annual for SMEs, but quarterly for larger enterprises where the financial risk is greater. Brokers, as trusted risk advisers to their clients, need to alert them to the need for continuous training, which should include all employees, plus contractors,” Crowther added.

The Agile white paper found that back-up procedures are vulnerable because too few organisations assess the integrity of their back-up data. As a result, it identified back-up options to ensure business continuity if a main network is compromised.

Traditional, reactive endpoint security tools, such as firewalls and anti-virus software, depend on known threat information to detect attacks, Crowther explained.

However, advanced endpoint protection (AEP) uses proactive technologies, such as machine learning and behavioural analysis, to identify potential new or complex threats. AEP can isolate and shut down threats quickly and prevent them from moving to another device on the network.

“AEP is a critical element of IT security because any endpoint – whether a desktop PC, a printer, or an industrial control – is a potential gateway into a network,” Crowther said.

“In high-risk areas, we take a mature approach to eliminating 90% of the risk and developing a premium for the 10% that remains potentially vulnerable.”
