The rise of ransomware has given way to a perception that , in the event of an attack , there is a risk that payouts will exceed revenues . Insurers have become understandably more judicious about taking on a customer at all , never mind quoting them a reasonable price . And even if insurers are prepared to issue a policy , they will often infuse it with a lengthy list of caveats .
This leaves today ’ s digital businesses in the somewhat bizarre position of having to prepare and pitch to insurance companies .
In truth , this has some benefits , because it encourages the candidate to get in better cybersecurity shape . And it dissuades them from using cyber insurance as a replacement for robust cybersecurity .
Shoring up threat posture should come first in order to get a more affordable safety net . Look at strategy , staffing , policy , and technology before researching insurance providers . Look to common security controls such as identity management , privilege management , asset discovery , employee behaviour monitoring , network segmentation , malware defence , and endpoint detection .
Revisit the incident playbook , the training of IT and security teams , and the awareness levels of end users .
While this may seem like a departure from the search for cyber insurance , it is critical groundwork for making the enterprise a viable subject in the eyes of underwriters . Its goal is to prove to risk assessors that the organisation is as safe
INTELLIGENT TECH CHANNELS 39