Problems with premiums
Business insurance that covers cyber-attacks, known as cyber insurance, is currently going through the roof. Once ‘nice to have’ is now to ‘hard to get’ and premiums have tripled or cover (even at renewal) is being withdrawn.
- This mirrors the rise in ransomware and cryptocurrency attacks. The recent Cybersecurity Solutions for a Riskier World report by ThoughtLab studied the security practices and performance of 1,200 companies in 16 countries. In 2021, the average number of cyber-attacks and data breaches increased by 15.1%.
It’s no surprise that the security executives polled predicted a year-on-year rise in the number and sophistication of attacks. And they highlighted the main causes of misconfigurations, human error, poor maintenance and unknown assets.
The cloak of complexity
The root causes identified above are visibility-related problems around vulnerabilities. In the shadows, cybercriminals thrive on this kind of complexity. In other words, it’s increasingly difficult to see, detect and prevent attacks (and fully understand how IT infrastructure is performing) in today’s virtualised, containerised, cloud-based and widely dispersed architectures. These are complex by nature and use dynamic resources in far-flung data centres. Combined with a lack of visibility, the risks become difficult to pin down and quantify – and that’s making insurance harder to get.
As a result, the capacity for cyber insurance is low – with some insurers removing products altogether. Among the policies still on the market, the level of due diligence required and cover provided can vary a lot. So, it could take a business significant effort and expertise to assess if the cover provided by a specific cyber insurance policy meets their needs – or is worth the money.
Even if you find suitable and affordable cover, the cyber-security measures that insurers now expect to see in place are more stringent and comprehensive than ever. As a minimum, insurers will want to know the details beyond the dashboards – and might look forensically at security defences across data, infrastructure, network, applications and web.
They’ll also expect evidence that you fully understand the potential risks and impacts of a security breach. And, of course, how you plan to react, respond and recover during (and after) an attack or a performance issue. Essentially, comprehensive proof that you’re fully prepared – and that’s not simple across an entire modern IT environment.
Assurance versus insurance
We’re not knocking cyber insurance – it’s essential cover for many businesses and valuable backup for security incidents. But what about businesses who either cannot meet the criteria or afford to pay for the cyber insurance policy, or find one that’s right for them?
Beyond insurance, there’s assurance. With the right tools, you can be confident that you’re securing your business. And that you’re constantly measuring and evaluating performance – and understanding it from the end user’s perspective. More visibility also increases your capabilities to detect and fix issues across devices, networks and applications. Plus, performance monitoring tools provide a variety and volume of data that informs decision-making from strategy to operations.
Many of our clients use Pulse360 – a suite of performance assurance, security and monitoring tools to help you securely manage your IT infrastructure, network, data, applications and web. It’s a modular solution that also extends capabilities in security testing, threat detection and data protection. Plus, it pools performance data to tackle more than security challenges. This helps to identify weak points and poor user experiences, troubleshoot issues and prevent and even predict problems before they impact end users.
For many businesses, a focus on the right tools is proving a wiser investment than the cost, time and effort of cybercrime impact and cyber insurance claims.
Monitoring tools are key to operating securely and efficiently – and giving you the evidence and figures to prove you are. And there’s the added bonus that performance assurance helps you map the future, including cloud migrations, capacity planning, network design, hardware upgrades and right-sizing of network equipment. All of which are invaluable insights when managing costs and prioritising which performance improvement investments you need to make next. No matter how comprehensive an insurance policy is, it won’t help you do that.
We’re here for help and advice on security and performance across your IT estate – and we promise not to sell you an insurance policy.