Ever-evolving cyber risk means insurers can require organisations to place more stringent controls on user access and privileges, a Delinea security scientist has explained.
Joseph Carson, security scientist at privileged access management (PAM) specialist Delinea, also noted, in a blog for Insurance News Net, that cyberinsurance is now an essential lifeline, not just a merely “desirable” security accessory.
“As cybercrime continues to leave mass financial and operational destruction in its wake, protecting the bottom line and ensuring business continuity following such events has captured attention,” Carson said.
“Regulatory compliance and increased scrutiny from customers have also forced this level of urgency.”
According to the Delinea executive, more organisations are seeking out cyber risk coverage, with about 80% of organisations in a Delinea survey with cyber insurance reporting using their coverage at least once.
Meanwhile, insurers have been raising rates and requirements for customer organisations, although many organisations are showing themselves to be unprepared for related questions and risk assessments, he said,
“A prospective insurer first will want to understand the specific risks which pertain to your organisation and the current risk management processes in place,” Carson said.
Insurers may use their own methodology for their organisational risk assessments, often covering off National Institute of Standards and Technology (NIST) framework cybersecurity principles of identification, protection, detection, response, and recovery.
Insurers also expect to see an inventory of hardware, software and privileged accounts for all possible entry points and threat vectors, and a determination of the value and scope of the assets an organisation seeks to insure, Carson said.
Protections therefore should include sophisticated identity and access management controls, data security, maintenance and repair strategies, and more – with credential-based cyber attacks increasingly common, he suggested.
“Insurers are looking for strong multi-factor authentication (MFA) controls,” Carson explained. “These controls can help validate who is accessing systems and add a layer of security.”
Also required are endpoint security tools that can identify and respond to security events at endpoints, Carson added.
Read the full blog post on Insurance Net News.
( Photo by Austin Distel on Unsplash )
