by Mike Ichiriu

Cyber insurance and Zero Trust: what you need to know

Cyber liability insurance has rapidly grown in popularity over the last few years, with the total market size expected to exceed $20 billion by 2025, representing a respectable CAGR of 21.2% over a five-year period. At the same time, Zero Trust Security is driving a sea change in the way companies think about cybersecurity.

Let’s explore what makes cyber insurance and Zero Trust Security a winning combo that business executives need to pay attention to in 2022. In this blog, we’ll unpack what’s driving the demand for cyber insurance and review how it and Zero Trust Security help relieve pressures on businesses from cyber attacks.

What is cyber liability insurance?

Cyber liability insurance allows companies to transfer some of the cyber risk they encounter to the insurer, in exchange for a fee (the premium).  The coverage provided by cyber liability policies provides many benefits, including:

  • Serves as a financial backstop for your business when an event occurs
  • Gives your customers confidence that a cyber event won’t put you out of business
  • Protects you against regulatory fines and third-party legal implications

Cyber liability insurance provides an affordable way to defend the business against cyber threats that make it past your defenses.  Carriers have made cyber liability insurance simple and easy to purchase, with instant online quotes that factor in the size and scope of your business as well as whether your business handles any sensitive data.

 

I have insurance; do I need to invest more in cybersecurity?

For decades, the primary focus of cybersecurity has been to keep hackers out of your network. Since users are the most common entry point for attacks, many companies have focused on technologies like EDR, firewalls, and VPNs to protect user devices and access.

History has shown this isn’t enough. Leaked chat transcripts from ransomware groups like LAPSUS$ show how easy it is for them to get access by tricking users or helpdesk personnel, and in some cases even bribing them for access. Focusing so much attention on protecting the user device makes even less sense when you consider that hackers are not particularly interested in attacking an individual user’s laptop – once they get in, they head straight for the crown jewels (customer lists, financial data, source code, etc.).

If you have a policy, cyber liability insurance will provide some amount of relief if you do get hit.  But for continued coverage, you’ll need to take concrete steps to remediate cybersecurity holes.  While upgrading to the latest and greatest EDR is advisable, it may not prove as helpful as locking down access to the crown jewels.

 

How Zero Trust Security Reduces Cyber Risk

Modern Zero Trust Security tools can help to protect the corporate crown jewels from hackers already inside the network.

An application cybershield is like a “safe” that protects critical business applications and data. Once installed, the cybershield automatically blocks access from unauthorized users and servers, essentially cloaking the application so hackers and ransomware can’t find it on the network. At the same time, after authentication, authorized users may continue to access the application as they did before.

Deployed in minutes around existing applications and data, an application cybershield can help make your business much more resilient to hacker activity.  It’s a simple and affordable way to reduce the chance that you’ll need to spend time on the phone with your cyber insurance carrier.

 

What about my existing cybersecurity tools?

The beauty of adding cyber insurance and Zero Trust to your cyber strategy is that you do not need to change what you're doing today.  Your existing cybersecurity tools continue to provide security protection, while Zero Trust and cyber insurance add new technical and business defenses to reduce cyber risk.

 

It’s “Defense in Depth” – for the Business

Cyber insurance and Zero Trust Security build on the proven cybersecurity principle of “defense in depth”. Zero Trust Security solutions, such as an application cybershield, help defend critical assets and applications against threats that make it past your existing cyber defenses; cyber insurance helps to reduce and transfer risk away from your business. Both are easy to set up, augmenting rather than replacing the existing cyber defense strategy. These two solutions give executive management powerful new tools to further protect the business and shareholders against the threats of ransomware, malware, and industrial espionage.