Before any coverage is purchased, cyber insurers want organizations to first have better risk management strategies in place.
Similarly to how insurance companies from other lines of business want to know how their clients are working to actively avoid risks, cyber insurers also want to see their clients doing their best to prevent cyber threats, experts say.
“Insurers want to know there is an organized and proactive effort to manage cybersecurity risk,” Travis Wong, vice president of risk engineering and security services at cyber insurer Resilience told IT World Canada.
Some of the risk management strategies suggested by cyber insurers for organizations include multi-factor authentication (MFA), backups for data, incident response plans, patching software, and cyber awareness training for employees.
While listing costs both before and after a cyberattack could be costly for both insurers and customers, IT World Canada said, both parties may get caught up in trying to fix the situation, overlooking other vulnerabilities that could lead to other costly problems.
One key risk in particular that both cyber insurers and their clients must carefully prepare against is data theft.
“Theft of credentials either through phishing or unprotected assets exposed publicly on the internet remains the predominant approach for cybercriminals to launch an attack,” said Cowbell Cyber founder and CEO Jack Kudale.
Companies that can implement an adequate security system and can take further steps to meet additional security requirements will be better served by cyber insurers, IT World Canada said.
