You probably have a cyber-insurance problem, but don’t know it

14 Jun 2021 | Security

 

Good practice last year isn’t good enough anymore. 

Even cyber-insurance providers are getting more selective before accepting cover, or worse, before paying claims.

With the number of claims skyrocketing insurers are increasingly asking, “What did you do to protect yourself from the obvious and known risk from cyberhackers?”

The levels of protection you put in place 1 or 2 years ago probably aren’t adequate for the threats today.  They are evolving so rapidly.

 

So what can you do?

Hackers aren’t waiting for you to make a decision to put protections in place.

They are spending every waking moment trying to find new ways of stealing your data. They have set themselves up as businesses to do evil. They hire the best and brightest talent, and have the latest tech – simply because it’s worth it. Its organised crime and these guys are the mafia of the modern age.

We see continuous hacks on most of our clients. These are attempts to penetrate their firewalls, or guess their passwords on Office 365. We see fake webpages through phishing attempts, and we see techniques to harvest password reset questions by asking for favourite teachers, or first cars, or favourite band on platforms like FaceBook.

That’s why your cyber-insurance and business continuity insurance providers will be starting to ask more demanding questions when you renew your cover. They are well aware of the risk and they want to know that you have taken all reasonable steps.

You need to be able to reassure them that you have:

  • deep endpoint protection
  • a penetration and vulnerability assessment
  • data governance that is fit for purpose
  • awareness programmes for all users and verification
  • dark web monitoring
  • multi-factor authentication and complex passwords

and so much more – the very items we have included in our KARE for Security services. 

The question for you, and your insurer, is what level of protection is appropriate for your organisation so your insurer will cover you if you need to claim?  That is why we have two levels of cyber-protection, and, because this isn’t static, it is why we keep investing and researching additional tools to help defend you from harm.

The Hackers are turning up their attacks on you – are you turning up your defences to match?

One quote we saw recently that rang true was:

“A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.”

 

What’s your next step? We’ve created a simple 9-point checklist to help you navigate the cyber-risk landscape and find the right solution for you.

What’s worse than having to pay Ransomware?

What’s worse than having to pay Ransomware?

The answer : Having to pay it twice - (or even more). Your Cyber-Security is under more pressure than ever. According to Infosecurity magazine, "double" extortion ransomware victims are up a massive 935% - thats a ten-fold increase year-on-year. This is driven by the...

“Phishmas” – its not that punny

“Phishmas” – its not that punny

Whatever it takes to draw your attention to Cyber Security is worth it. Just because we take time off at Christmas doesn't mean the hackers do. They have taken a lot of heart from the way we have all embraced home-delivery for our shopping and are doubling down with...

Is your Fingerprint effective security?

Is your Fingerprint effective security?

Straight out of the movies We are all used to the idea of using our fingerprints to log into our cell phones and, for some of us, our laptops. We’ve been told fingerprints are secure, and effective for ‘biometric authentication’ In the movies, we see finger prints...

Have you been vished?

Have you been vished?

What is vishing? Vishing is scamming via phone calls,  effectively "phishing" by voice, hence the name,  Voice phishing - Wikipedia  Unfortunately, like many other cyber-attacks, incidents are on the rise. Because the damage is done over a phone call, they are even...

Does the new Chinese PIPL law apply to you?

Does the new Chinese PIPL law apply to you?

If you do business in China, you need to know about the “PIPL” It’s the Chinese equivalent of the GDPR from the EU – and your responsibility to protect the data privacy of the Chinese. The law came into being relatively quickly and has already taken effect as at...

Security Training and Awareness offer

Security Training and Awareness offer

We are deploying some new tools for our KARE for Security clients. For a limited time we can share these with all our clients to give you and your colleagues some great e-security awareness training. The holiday season is targeted by scammers, they know that employees...

Helping you with Cyber Insurance Audit Forms

Helping you with Cyber Insurance Audit Forms

Cyber Security Audits are increasingly common. One cause is that we're seeing more boards ask about cyber security posture, and frankly every board needs to be asking about that. The other major prompt we see is when our clients are applying for cyber security...

Don’t be in the 67,500

Don’t be in the 67,500

It might be our nearest neighbour, rather than us, but its still a good indicator of the trends that we're also seeing in New Zealand. We have to remember that much cyber-crime is still not reported.  Whether it's out of embarrassment or commercial sensitivity, we...

Urgent – “Zero Day” exploit 9 Sept 2021

Urgent – “Zero Day” exploit 9 Sept 2021

Today's news is full of stories about increased cyber-threats in NZ - Cyber attacks against Kiwibank, ANZ, NZ Post, MetService - experts see lockdown link - NZ Herald We've seen several days of issues caused by these "DDOS" attacks.   Overnight, another...