If you haven't got a renewal quote for your cyber insurance... brace yourself.
Recently the insurance broker Marsh published its Q4 2021 review.
Even if you haven't made a claim.
With 4 of the Top 15 cyber insurers paying out 98 - 114% of the premiums they collected, the current situation cannot be sustained.
As I've said previously - there is no silver bullet to ransomware. It's about good processes and best practice security efforts.
So what is the path for the cyber insurance market?
In the short term - more restrictions on payouts. Last week I heard an insurer say to their client, “Unless the stolen data has personal information in it, we aren't paying out.”
In the longer term? As a cyber insurer on a recent webinar put it, “Security best practices won't be about getting a cheaper premium. It will be about getting a policy in the first place.”
Cyber insurance will remain a valuable tool to transfer risk. But the underwriters are increasingly showing that they won't accept just any level of risk.
“The sheep's got its head stuck in the fence again,” my son blurted as I pressed play on the Equinix CISO interview with Risky Business.
The interview with Michael Montoya - Equinix CISO - about their response to the 2020 ransomware attack is well worth listening to.
As expected, the often-asked but rarely answered question came up.
How did they get in?
A remote desktop session that was accessible to the outside world, and a lost password.
And the Colonial Pipeline hack 6 months after Equinix? An open VPN port for remote access and a lost password.
It shouldn't be this easy.
As Michael Montoya said, “Be aware of your perimeter.”
At home, the sheep was successfully removed from the fence and new fencing is on order to stop it happening again.
In life, as in cybersecurity - be aware of your perimeter.