Cyber Insurance and Multi-Factor Authentication

Cyber Insurance and Security


You can't talk about cyber insurance without talking about cybersecurity. In fact, the previous topics covered in this Super Simple Guide — compliance, encryption, scope of data, and multi-factor authentication — all fall under the cybersecurity umbrella.

But let's take a step back from the specifics and look at the concept of security as a whole and its relationship to cyber insurance. What does looking at the big picture teach us?

Lesson #1 - Cyber Insurance and Cybersecurity: Partners Against Crime

If you take one thing from this Super Simple Guide, let it be this:

Cyber insurance is not a substitute for healthy cybersecurity practices.

Getting cyber insurance because you don't feel like dealing with cybersecurity is like purchasing car insurance because you don't feel like keeping your eyes on the road: a really bad idea.

First of all, cyber insurance policies don't cover every cost associated with a cyberattack. In fact, there is a trend in the cyber insurance industry toward greater selectivity and caution about scope of coverage. For instance, we're now seeing carriers refusing to provide coverage for social engineering attacks, which are an extremely common type of breach.

But even if you have great coverage, your business can still fall prey to one of the most insidious costs of a cyberattack: reputational damage. A study by IDC found that 80% of consumers in developed nations will stop doing business with a company if their personally identifiable information is affected in a security breach.

Finally — and perhaps most importantly — you shouldn't view cyber insurance as an excuse to be lax about cybersecurity because cybercrime hurts people. This might sound too obvious to be worth stating, but it's not; for whatever reason, it's easy to forget that cybercrime, despite occurring in cyberspace, has real world consequences. More to the point, it turns people's lives upside down.

Bottom line: Your cyber insurance policy does not absolve you of the responsibility to maintain a robust security posture at your organization. Why? Because suffering a cyberattack can be devastating, whether you have cyber coverage or not. It's that simple.

Lesson #2: The Cybersecurity Bar is Getting Higher

Cyber insurance is a young industry, but one that is rapidly evolving. Carriers are becoming more and more discerning and demanding about the cybersecurity practices used at their insureds' businesses.

Cyber insurance carriers want to see that your business has a firm grasp of cybersecurity basics, it's just that the set of things that count as 'the basics' is constantly expanding. Something like MFA didn't use to be a security 'must-have.' Now it is. Same goes for

email encryption and a variety of other security tools and processes.

Why is this happening? Because cybercrime itself is evolving, and at breakneck speed. Thus, cybersecurity has to be approached as a process, not a destination — an ongoing effort to keep pace with cybercriminals (or one step ahead of them if we're lucky).

Bottom line: You should be constantly seeking to improve your organization's security posture to keep your business safe, not to make cyber insurance companies happy. That said, if you're interested in purchasing — or keeping — a cyber insurance policy, expect to face increasingly strict demands from carriers.

Lesson #3: Get Help!

Reading about the ever-evolving demands of cybersecurity might have gotten your pulse up and your palms sweating. Cybersecurity can be an overwhelming topic for the SMB owner. The rapidly evolving security landscape makes it hard to know which solutions you actually need, and which ones are just the latest fad. You don't have hours and hours to research everything, nor do you have the massive IT budget to experiment with costly solutions on a trial-and-error basis.

For this reason, more and more SMBs are turning to managed service providers (MSPs) to help with cybersecurity and other important aspects of IT strategy. An MSP can help your organization bring its entire security framework up to speed and under budget, freeing you up to focus on running your business.