What is Cyber Liability Insurance?
While the risk of an employee clicking on a foreign prince’s secret gold offer may be past us, modern-day technologies have evolved and expanded in today’s remote work and IoT-connected settings. It’s hard to wrap our heads around every new risk out there; nowadays a single well-intended click of a GoFraudMe link can download malware that locks and holds your data for ransom. Unless every employee is on-boarded with good back-up practices, the fee to get a decryption key is high (and probably in Bitcoin). The advancing ransomware business is a threat not just for the big guys, but for organizations of every size.
According to Verizon’s most recent Data Breach Incident Report, instances of advanced ransomware have doubled in the past year, alongside major upticks in phishing attacks and social engineering. A new landscape of data and cloud-enabled business has forced us to think differently about what to protect — namely the key personally identifiable information (PII) and personal health information (PHI) that can be accessed through corporate and remote networks.
This era of unpredictability has increasingly resulted in companies looking for ways to protect themselves and their employees in the event of a breach. Don’t worry though, there's already an insurance policy for that.
What is Cyber Liability Insurance?
Cyber liability insurance, sometimes known as cyber insurance, is distinct from traditional commercial general liability and property insurance policies. In short, cyber liability insurance acts as a general line of coverage designed to mitigate losses and costs from a variety of cyber incidents, including data breaches, network damage, and the resulting business interruption.
While each provider’s policy may differ slightly, cyber liability insurance generally deals with:
Loss or destruction of data
Damages to software/hardware
Extortion demands to appease bad actors
Breach incident response and crisis management
Legal claims for defamation, fraud, and privacy violations (third-party coverage)
Many variables go into pricing, which ranges from $500 to over $50,000 per year. To determine what coverage is necessary, cyber liability insurers calculate cost and risk based on industry, width and depth of data coverage, and, most importantly, what security measures are already in place. Kind of like how your car insurance needs to know your location, make and model, and how many teenagers will be behind the wheel.
Any insurance policy wants to make sure that you’re taking the necessary foundational safety measures. Home insurance recommends anti-theft measures and outdoor cameras. Auto insurance expects you to use a seatbelt and have a valid driver’s license. Likewise, cyber liability insurers often look to MFA (multi-factor authentication) as an indicator of security safeguarding and may expect your company to have it set up.
How MFA Protects Your Company
MFA serves to protect against account compromise in the first place by requiring an additional step of verification beyond a username and password. A second factor is used to confirm identity, ranging from smartphone push notifications to hardware keys and biometrics. Considering 61% of breaches involve credential data, it’s a no-brainer for insurance companies to require something as easy and effective as MFA.
Enterprises and large businesses may seem like the obvious candidate for MFA and cyber liability insurance. However, equally, if not more, at risk are small and medium businesses that may not have the advanced IT infrastructure and teams to deal with potential liabilities. Municipalities and healthcare organizations that need immediate access to critical information are also frequent targets.
Converging Trends
The simple act of rolling out MFA also has the additional benefit of setting up a foundation for good security hygiene and a zero trust architecture. Zero trust (ZT) brings in elements of device trust and least-privileged access. We want to make sure that users are who they say they are, their device is trusted, healthy, and up-to-date, and that they are given access to only what they need. Even if a bad actor gains credential access, the nature of zero trust is to check identification frequently and continuously with abnormal and irregular activity prompting higher security measures. With least privileged access, the user might not have had access to PII and critical data in the first place if their role didn’t need it. This not only protects breach of key information and networks, but it also helps prevent lateral movement if one account is compromised.
Google searches of the recent Executive Order, GDPR compliances, and “what is cyber liability insurance” are on the rise, and it’s clear that today’s digital landscape trends towards one direction: dealing with the when rather than the if of attacks and breaches. While cyber threats continue to innovate and promises of free gold are replaced with compelling links to “the next cryptocoin for cat-lovers,” perhaps the smarter move is to begin thinking about deploying MFA and a preventative zero trust model of security. It’s just a good idea.
Read the Duo for Cyber Liability Insurance solution brief to learn how Duo can complement cyber liability insurance.
Try Duo for Free
Want to test it out before you buy? Try Duo for free using our 30-day trial and get used to being secure from anywhere at any time.