Costs related to cyber security breaches rose 10 – 15% in 2020, depending on whose research you read (more on this in our next blog post). As a result, insurance companies in Canada, the US and further afield are re-thinking their cyber security insurance policies – and the requirements to qualify for coverage. Not to mention how they’re paying out claims – or not.
We contacted a few of the major carriers in Canada and what we learned follows. As you read this, please remember that the nature and size of your operation, and your own carrier’s policies, will affect what holds true for you, so please contact your agent. But please DO contact your agent, because you don’t want to find yourself not-insurable, or a claim not covered.
Insurance Rules Are Changing
Or have already, in some instances, with some carriers.
- Over 45% of active Canadian cyber insurance plans will not be renewed in 2022 because firms do not have proper security software, plans and processes in place.
- Companies using approved (and each insurance firm has its own list) third-party managed cyber/ network security services often receive policy rate reductions. Sometimes substantial reductions.
- Aware of the growing number of alarms that internal teams ignore or investigate improperly, some carriers are starting to mandate professionally-managed cyber security services for companies that do not have a dedicated team of highly-qualified experts on staff. This is particularly true for companies with larger risk exposure – and this includes companies that process credit card information or need to retain information such as health card, driver’s licence, or anything else that could be used to gain unauthorised access to key corporate information, or for identity theft.
- In addition to being compliant from a network perspective, carriers are also checking that companies are fully-compliant according to the requirements of the industry in which they do business on a day-to-day basis.
For instance, if a company processes cards, or stores credit card data, there is a need to show PCIA compliance, which requires a vulnerability assessment every quarter – and not by the company that manages your security.
To work with federal government agencies, companies must comply with NIST SP 800-177 (trustworthy email – protocols of mail transfer agents, deploying SMTP and Domain Name System [DNS] authentication mechanisms).
Many industries have similar sets of regulations. Good managed services providers can stay on top of the changing cybersecurity requirements and help clients ensure they are fully compliant.
- Many insurers now require proof that a data breach response plan has been developed (click here for tips on preparing your breach response guide).
- Many insurers now also require that you have conducted a security assessment within the past 12 months, and have a plan for filling in the gaps. What if your security posture is not perfect when you are hacked? Provided you can show that you took key steps, and were actively implementing the remaining ones according to schedule with budget attached, fines will likely be lower, and insurance payouts higher (or existent) if you are breached.
- Some insurance firms require the companies they insure to have regular penetration testing and security audits – and that these be performed by companies different from the ones providing Cyber/ Network Security as a Managed Service.
In other words, the people protecting the castle cannot be the ones that try to break in to see if it is truly impenetrable or not.
Naturally, this means having an outside firm do your security audits and penetration testing if you are running things in house.
Unfortunately, most companies only start thinking about how they’ll respond once they have been attacked – and by then it’s too late. As you can surmise from the above, this may also impact insurance payouts and fines.
If I were to call and say: “You’re under attack right now, what should you do right away? And then immediately next?” would you know what to say right away? Or be sure you had the right answer?
If not, please give us a call. Even a small attack can set a business back and cost precious time, money and resources… and as you start to adapt your distributed network policies to accommodate your new hybrid work model, it’s possible that new gaps will appear.
We have experts on staff that can help. We can conduct a security/system vulnerability assessment and penetration testing.
We also work with some of the top cybersecurity/ network security managed services providers according to Gartner – and all our cybersecurity and intrusion detection partners have been approved by all or most of the major carriers and can ensure that clients are fully-compliant for the industry in which they do business, as well as for the type of business they operate, or the kind of organisation they run.
In the meantime, ensure you back up everything (we have great options for this) and ensure your Breach Detection Preparedness Plan and other protocols are in place.
You may also wish to view: What to do when the yoghurt hits the fan – 8 Steps for Handling Corporate Crises