The podcast discusses the importance of cyber insurance for small businesses and delves into the questions and considerations involved in the application process. Cyber insurance is crucial for businesses, particularly small ones, as it provides protection and financial coverage in the event of a cyber incident. James highlights that the process of applying for cyber insurance can itself improve a business’s cybersecurity posture by making the business consider key risk factors and controls.
The podcast outlines that premiums for cyber insurance are rising, but insurers are also trying to limit their exposure by excluding losses from state-based cyber-attacks. This change is driven by the increasing prevalence of large-scale cyberattacks linked to geopolitical conflicts. While this may decrease the value of cyber insurance, it aims to make it more commercially viable in the long run.
James proceeds to describe the questions that small businesses can expect on a cyber insurance application form, which can serve as a guide to improving their cybersecurity practices. The questions include:
Previous Cyber Incidents: Inquiring about past cyber incidents, such as malware attacks or data theft.
Managed Service Provider: Identifying who manages the business’s IT services, as external support is often necessary.
IT Infrastructure: Assessing the scale of the business’s IT infrastructure, its annual IT budget, and the percentage of that budget spent on IT security.
Sensitive Data: Inquiring about the storage and security of sensitive data, such as passport details or personal information.
Backup and Recovery: Evaluating the backup system, including frequency, offline backups, and backup security. Learn more about the 3-2-1 backup rule: What is a 3-2-1 Backup Strategy? | Seagate ASEAN
Endpoint Protection: Examining the vendor and coverage of the endpoint protection software.
Network Security: Scrutinizing the network’s firewall, vulnerability scanning, and penetration testing.
Multi-Factor Authentication: Assessing whether multi-factor authentication is implemented for remote access and email.
Phishing Awareness: Inquiring about the frequency of phishing simulation exercises.
Microsoft Secure Score: Checking the security of Microsoft 365, emphasizing multi-factor authentication. Check out Microsoft Secure Score here: Microsoft Secure Score | Microsoft Learn
Administrative Accounts: Identifying who has domain administrator accounts and their usage.
Patch Management: Evaluating patch management and response to zero-day vulnerabilities.
Payment Processes: Verifying the authentication method for changes to payment details.
Security Products: Listing various security products, including web content filtering and intrusion detection.
James explains that each of these aspects contributes to a business’s overall cybersecurity resilience and will be assessed by insurers. The advice provided can help small businesses strengthen their cybersecurity practices and make the insurance application process smoother.
Learn more about creating incident response plans here: What is an Incident Response Plan and How to Create One (varonis.com)
The podcast also mentions that the cyber insurance market has been growing significantly, from $6.15 billion in 2020 to an expected $36 billion by 2028, underlining the growing awareness of cybersecurity’s importance in today’s business landscape.
See here for the cyber insurance process in Australia: Cyber Insurance: Tackling the Process, How to Prepare and What to Expect | CBS (canon.com.au).