How to improve security controls for a new era of cyber insurance
Risk and GovernanceSecurity

How to improve security controls for a new era of cyber insurance

Our Identity Business Manager, Melissa Hardcastle explores the recent changes in cyber insurance, how they impact your organisation, and how to strengthen your cyber security strategy in response to the ever-evolving threat landscape.


Why is cyber insurance changing? 

The ever-changing cyber landscape combined with hybrid working has led to a rapid growth in cyber crime and external cyber threats, particularly ransomware.

In 2021, cyber attacks increased by 50% compared with 2020, a surge that most organisations hadn’t anticipated. The cost of cyber crime in escalating and ransomware is now the cause of 75% of all insurance claims, up from 55% in 2016.

Key points

+ Cyber insurance has always been a reliable safety net, but things are changing fast and insurance brokers are tightening security requirements. This means that organisations need to now implement stricter security controls than before, deploying multi-factor authentication and a least-privilege strategy.

+ High demand for pay outs is driving up insurance costs and altering the products offered by cyber insurance companies, including the scope of what they will and won’t cover. Some companies, such as AXA made an announcement in August 2021 that it would no longer pay ransom demands for future policy holders.

 

Before committing to a new or existing policy, be aware of what the changes look like and which types of attacks your cyber insurance policy will and won’t pay out for. 

Read more about the changing face of cyber insurance

The new cyber security controls you need to implement 

Cyber insurance companies now look for common security controls, such as:

  • Administrative privileges
  • Access management
  • Employee behaviour monitoring
  • Network segmentation
  • Malware defence

 

Key steps to meet the new cyber insurance requirements 

  1. Implement password management and automation: avoid storing credentials on Excel spreadsheets or in Word documents and relying on encryption to keep them secure
  2. Limit privileged access: implement a Privileged Remote Access tool to grant just-in-time access, for limited time periods compliance
  3. Protect privileged accounts: deploy a Privileged Access Management (PAM) tool to manage privileged account access, including credential rotation, session monitoring, and auditing capabilities
  4. Deploy multi-factor authentication: this allows you to security check access before granting it to confirm identities
  5. Education and training: your employees are the most likely way a cyber criminal will find their way into your systems. Implement regular training to make employees aware of how to spot a social engineering or phishing attack

 

How to plan for a cyber incident 

You can deploy every security tool available and always follow best practice, but as the threat landscape evolves, so do cyber criminals’ techniques. With cyber incidents, it’s always a case of ‘when’ rather than ‘if’ one will happen.

It’s important to create and implement a cyber security incident response plan (CSIRP) before a threat is detected. This approach will protect your organisation against the impacts of cyber attacks with a quick and effective reaction.

A basic incident response plan includes:

  • A list of key contacts
  • Escalation criteria
  • A flowchart or process map
  • At least one conference number

These plans should be created with a good understanding of the different roles within your organisation and include your business continuity and disaster recovery plans for each area, ensuring complete coverage and collaboration across all departments.

Follow our best practice advice to help prevent a security breach

 

How do you ensure rapid support in the event of an incident? 

Cyber security incidents require careful preparation, rapid response, and critical asset protection. Incident response retainers support organisations to get back to business as usual following a security incident. By deploying their own technologies to your environment, they also apply their frontline expertise to transform your cyber defence capabilities, mitigate threats, and reduce business risk – before, during, and after an incident or breach.

 

Talk to us about tightening your cyber security controls 

Our cyber security specialists will identify how strong your cyber security strategy is, identify weak spots, and spot opportunities to implement tougher cyber security controls.

Chat to us now
Melissa Hardcastle
Melissa Hardcastle

Melissa is Phoenix's in-house Identity Business Manager. Having spent over two years advising our public sector clients on all aspects of security solutions, Melissa has experience working with some of the leading security solutions on the market today. She continues to advise our customers about how Phoenix helps solve security challenges including identity, SOC, SIEM, and incident response.

See all posts by Melissa Hardcastle

About Phoenix

Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers remarkable, outcome-focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities.

Phoenix is a signatory on the Race at Work Charter, and a Disability Confident and Living Wage employer. The company is also actively involved in encouraging more women into the IT industry.

 

How we handle data  |  Unsubscribe

Recent Blog Posts

  • 25-04-2024 - Phoenix Software have been recognised for exceptional performance and innovation in Customer Cloud Data Security Phoenix announced today that it...... Read more
  • 04-04-2024 - As we innovate, QR codes are becoming commonplace. From accessing restaurant menus to event tickets, QR codes offer convenience and...... Read more
  • 03-04-2024 - From 15 July 2024, Adobe will no longer be selling Acrobat Standard 2020 and Acrobat Pro 2020 licences in the...... Read more

Sign Up

Please enter your details below to opt-in for the latest news, events and industry updates from Phoenix.

©2024 Phoenix Software All Rights Reserved. Phoenix Software Limited is a company registered in England and Wales, with company number 02548628 and VAT number GB 755 3490 15. Registered Address: Blenheim House, York Road, Pocklington, York, YO42 1NS