Cyber Insurance is NOT Cyber Security

Have you ever thought that as long as you have car insurance that it was okay to drive drunk? Or have you ever thought that as long as you have homeowners insurance it’s okay to start a bonfire in your basement? If you have a car accident or your house burns down, your insurance will pay, right? Of course not!
So then why would you think that as long as you have cyber insurance you don’t have to protect your system? You do!
If you were one of the early cyber insurance policyholders, you likely only had to answer a handful of questions and were guaranteed a policy at a very reasonable rate. Now, however, if you try to renew or obtain a policy for the first time, you may have to answer a questionnaire of up to 300 questions and are not guaranteed to be able to obtain the policy/renewal…and if you do get the policy, it will be quite a bit more expensive.
The primary reason for this increasing difficulty and cost is the ever-increasing threats.
If you own a modest one-story home in a quiet neighborhood at the end of a cul-de-sac that is not in a hurricane, tornado, wildfire, or earthquake zone with a low crime rate, your homeowner’s insurance will be much less than if you owned a 3,000 square-foot, state-of-the-art, high-tech beach house on the coast of Florida. More threats, more risk.
Additionally, when you initially obtain a cyber insurance policy, the requirements to maintain a strong cyber security posture will increase over time as the threat increases. The insurance companies must take this into account. You may be safe today but if you don’t sustain good cyber hygiene and patch frequently, you will be more at risk later.
Similar to car insurance companies that allow customers to opt-in to monitoring in order to have decreased premiums, cyber insurance providers may allow for monitoring by the insurance companies to maintain lower premiums.
This monitoring is one of the many, and one of the critical, tools that a cyber security firm can provide in addition to the other measures they can provide to help protect your network and foster a mature cyber security environment.
Some industries are already seeing cyber insurance policy providers teaming up with cyber security firms to help their clients be better situated to prevent, detect, respond and recover from an attack which would, in turn, mean a less costly claim.
One thing that cyber insurers want their clients to understand is that cyber insurance is NOT a defense. It should only be part of their mitigation or support for if and when an attack happens. Car insurance will not keep you from having an accident but it will help to restore or replace your vehicle if you are in an accident and get you back on the road quicker than if you didn’t have insurance.
While different cyber insurance providers require different security measures to be in place in order to be covered, the one that almost all requires is that their clients use multi-factor authentication. Additionally, if you are using a cyber security specialist or consultant, they can help you implement the measures that an insurance provider requires and attain coverage.
Bottom line…cyber insurance is NOT a substitute for cyber security. They go hand in hand to protect you and help you stay in business and operational.
CYBER NEWS
Your email is a major source of security risks and it’s getting worse
Your email is a major source of security risks and it’s getting worse
Criminals still like using email to phish credentials but ransomware delivered by email has tapered off.
www.zdnet.com • Share
Only 8% of C-suite executives use MFA across a majority of apps, devices
Only 8% of C-suite executives use MFA across a majority of apps, devices
BlackCloak points out that organizations need to do a better job protecting their top executives: some 87% of executives use passwords that have been leaked on the dark web.
www.scmagazine.com • Share
Ukrainian cybersecurity officials disclose two new hacking campaigns
Ukrainian cybersecurity officials disclose two new hacking campaigns
Both efforts relied on malicious documents, officials said.
www.cyberscoop.com • Share
Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating
Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating
Microsoft says customers should ensure their Exchange server patches are up to date to prevent cyber criminals from deploying BlackCat ransomware.
www.zdnet.com • Share
TIP OF THE WEEK
Summer Travel Cyber Security Tips
“Summer Vacation.” I’ve heard this term before but can’t clearly recall what it means.
Isn’t that something we use to do in the year BC (Before COVID)?
Well, if you’re one of the lucky ones planning that family vacay to Disney, the beach, or the mountains this summer, here are some tips to keep you #CyberSafe:
Be cautious when using public WiFi. If you connect to an airport or hotel guest network, be sure it is the actual official guest WiFi and not a fake setup to steal your login information.
Do not allow your device to auto-connect to detected networks
Don’t access your bank account or credit card account from a public WiFi
Remember to use MFA whenever possible
Do not use USB ports to charge your device. Charge with your own cords and plug directly into a power outlet.
Keep a close eye on your devices in public. Pickpockets are sneaky.
Ensure your device is locked with a code or biometric
Be wary of travel text updates. Some scams include phishing texts that purport to be from an airline or TSA requiring you to renew your PreCheck but it is only a scam to steal your payment information. Always go directly to the TSA, airline, or credit card website. Do not click a link you receive via message.
Use a good, reliable security app such as Lookout (for iOS and Android). You can sign up for a month and it will help protect you from scams.
Try not to alert strangers to the fact that you are not at home. Don’t post about how you’re excited that your trip to Hawaii is June 23-30. Don’t post photos while you are away. Wait until you return to post them to make us all jealous of the luau you went to. ALOHA!
Safe Travels!
VOCABULARY WORD
Breach: The instant when a cyber attacker is able to exploit a vulnerability in your device to gain access to your data and network.
CYBER HUMOR