Cybersecurity insurance is a hot topic! As many as 84% of organisations have such insurance, but premiums are increasing and end users are required to jump through a growing number of hoops to gain and maintain coverage. Even then, not every incident is covered. We don’t sell insurance at Sophos, but we can help clients reduce their premiums and access appropriate cover thanks to the great protection we offer.
We can help customers to access cover. Advanced protection is increasingly a requirement in order to get cyber coverage, with managed detection and response (MDR) services, endpoint or extended detection and response (EDR/XDR) technologies and next-gen endpoint protection the most common requirements. Once cover is established, we can help to reduce premiums: just as an alarm and window locks reduce your home insurance premiums, having advanced IT defences helps reduce your clients’ cyber insurance costs. While the insurers’ exact premium calculation algorithms are a closely guarded secret, customers consistently say that the quality of their protection impacts their premium.
Good cybersecurity makes sense in the long term too, because better protection reduces the likelihood of a claim. As with other forms of insurance, if you make a claim, you can expect a significant increase in your premiums in subsequent years. By minimising your risk of being impacted by a cyber-attack, unauthorised access and exfiltration, you reduce the likelihood that you’ll need to call on your policy – and help keep your premiums down. If the worst does happen, then an effective cyber security approach can at least reduce the impact of the incident. This will reduce the cost of the resultant claim by allowing a rapid and appropriate response to a cyber-attack. In particular, having an incident response plan in place and being able to call on experienced incident responders will help you minimise the fall-out from the attack. This is where our managed threat and rapid response services can come into play.
Finally, and potentially most significant of all, good cyber security can help to reduce the risk of non-payment of a claim. Many policies specifically exclude particular types of attack, like ransomware, and you should encourage your customers to carefully peruse policy documentation to ensure the cover meets their needs. It is also worth looking at the conditions of payout, as poor IT hygiene can prevent your clients from receiving financial support in the event of an incident. If the insurer believes that a door has been left open through weak practices, they may have grounds not to pay out on a claim. XDR is an ideal tool to assess an end-user estate rapidly for out-of-date systems and applications that require updates.
Protection and insurance certainly aren’t mutually exclusive, and the rush to access cover is the ideal opportunity to position yourselves as trusted advisors and review a client’s protection strategy with a view to upselling.
If you want more details, check out our recent Sophos News post, which has a link to the Sophos Cyber Insurance Guide.