Intelligent Tech Channels Issue 50 | Page 67

FINAL WORD
Cyber insurers are liable to reject coverage if businesses do not have a certain standard of cybersecurity.

In 2021, we observed a resurgence of enterprise ransomware with a shift towards larger organisations. By attacking enterprises with a larger reach, threat actors are looking to increase their financial gains without increasing effort.

The rise of ransomware attacks on supply-chain and third parties is resulting in ‘one-to-many’ compromises.
On average, enterprises have approximately 5,800 vendors they depend on for business functionality, and 20% of these pose a high risk.
Since third-party (and fourth-party) cybersecurity is often not up to the mark, and there is a lack of visibility of real-time cyber-risk the third parties pose to a business, cybercriminals are targeting third-party vendors to laterally breach multiple larger organisations simultaneously.
Examples of such tactics include the SolarWinds attack, which will reportedly cause a cumulative loss of over US$100 billion.
In 2022, ransomware is evolving; sensitive credentials will be stolen and leaked without any waiting period, customers’ data will be exposed and customers will be directly threatened.
Therefore, reactive techniques and reliance on data backups alone wouldn’t help. Organisations will have to proactively prepare for ransomware attacks and have dedicated playbooks in place to manage and mitigate them.
Proactive cybersecurity through Cyber Insurance
With the costs to manage and mitigate cyber-risks rising – from the first half of 2020 to 2021, the average ransom demand increased by 170% – businesses are looking to ‘transfer’ their cyber-risk through insurance.
Last year alone, claims frequency increased by 46% for IT, 53% for professional services and 263% for industrials, according to a report by Coalition.
Cyber insurance plays a significant role in influencing proactive cybersecurity initiatives. Just as insurers do not cover risky drivers under auto insurance, cyber insurers are liable to reject coverage if businesses do not have a certain standard of cybersecurity.
A deliberate shift from both parties to adopt a standardised means to measure, manage and mitigate cyber-risks in real-time through breach-likelihood prediction will have the benefit of knowing.
It will enable cyber insurance providers to have a dynamic view of who they’re covering and the risk they’re underwriting. Given the number of dynamic parts in businesses, including people, third parties, technology and cybersecurity products, that can be targeted for initiating ransomware attacks, cyber-risk quantification can be a game-changer for insurers and businesses alike.
Managing ransomware proactively
Firstly, an organisation should define what financial risk they are facing as a result of ransomware attacks; it varies depending on the geography, industry and size of the business.
Once they have calculated this value, they must build a strategy to accept, reduce or transfer the risk.