The relentless threat of cyberattacks has created a significant challenge for cybersecurity professionals. Breaches result in damage to an organization’s reputation, lost revenue, and compromised data. It’s no surprise 45% of information security professionals have contemplated leaving the industry entirely due to stress and unrealistic expectations.
To cope with the lurking threat of ransomware, many organizations are considering new processes and tools to protect themselves from malicious activity. Today’s attacks are unpredictable and becoming more and more sophisticated – driving organizations to implement a safety net through cyber insurance to prepare.
It’s not as easy as it sounds.
In the past, cyber insurance was simply an additional (and affordable) line item on policies which could be purchased and easily obtained. Now, it has become excessively difficult and expensive to maintain.
All organizations should be focused on bolstering cybersecurity to protect their business from a breach or attack, not necessarily to qualify for cyber insurance. Nonetheless, having a strong strategy will only make the process of getting coverage more accessible, with many added security and financial benefits. To stay protected on all fronts, businesses should keep in mind the “never trust, always verify” approach of zero trust architecture (ZTA).
Cyber insurance isn’t what it used to be
As attacks surge, the demand for cyber insurance goes through the roof – unsurprisingly increasing by 46% in 2020 alone. What’s more, insurance premiums have skyrocketed, growing by 29% from 2019 to 2020, while the coverage offered by insurers has decreased significantly.
These attacks and their costly consequences have given underwriters no choice but to crack down on security protocols. It’s now necessary for businesses to establish certain identity verification solutions, like multifactor authentication (MFA), just to obtain cyber insurance in the first place.
In addition to having the basic requirements, businesses seeking cyber insurance must also go through an in-depth vetting process to determine premium costs. Underwriters will assess the security measures in place to detect, recover, and even prevent attacks altogether. Organizations without a strong cyber strategy or those that have experienced a cyberattack in the past end up paying more.
Understandably, most insurers will validate that organizations have robust solutions and processes in place for handling sensitive data. In short, ZTA is what they’re looking for – and what will keep your insurance premium affordable.
Why you should care about ZTA
Zero trust is one of the most secure and reliable ways to protect critical assets and information from bad actors. Its approach requires users to verify their identity as they move across multiple points through a network, replacing traditional perimeter-centric network access models. ZTA has the power to prevent an attacker from access through perimeter vulnerabilities or lateral movement across a network.
This is an appealing approach because it makes organizations much less vulnerable to cyberattacks. It also streamlines the recovery process for victims. In fact, those without ZTA in place spent an average of 42% more recovering from a data breach compared to those with mature strategies.
There’s a vetting process for a reason – and it’s meant to help you as much (or more than) your insurer.
Underwriters recognize the evolving landscape of threats, the need for effective security processes, and the solutions that can help. For example, MFA is a key component of ZTA because it prevents attackers from gaining access through compromised credentials. By requiring a second factor like a push notification, one time password (OTP), or biometrics, users are confidently verified. With this added security, MFA is a reasonable requirement in the vetting process.
Another key factor in achieving ZTA is ensuring you grant access only to the specific files, systems, and information users need. Solutions that do this, like privileged access management (PAM) or role-based access, are cornerstones to a strong ZTA. Any CISO or CIO that’s dedicated to building their organization’s digital identity strategy effectively will consider ZTA for its security benefits alone, subsequently leading to reduced risk.
The cost benefits of ZTA
Businesses facing a high cyber insurance premium are their own worst enemy. If organizations avoid investing in cybersecurity, their chances of experiencing an expensive cyber incident are much higher. In turn, that increased risk means a more costly premium.
Through their vetting process, insurers want to know the steps you’ve taken to protect your business. Just as there’s no single function to completely protect from an attack, there’s no single catch-all insurance policy either.
Underwriters want organizations to have basic IT security standards like MFA, antivirus software, a firewall, methods for regularly backing up data, and a secure provisioning process. These are reasonable solutions for any business looking to bolster security.
There are myriad benefits to ZTA we could dive into, but ultimately, money spent in this area will only mean money saved down the line, at least in one form or another. In the event of a breach, those with a mature ZTA deployment saved an average of $1.51 million compared with those in the early adoption phase of zero trust.
It’s critical to consider holistic digital identity tools that can support ZTA, such as MFA, identity governance, privileged access management (PAM), and single sign-on (SSO). Although these standards may feel like a big undertaking and a lot to implement in the short term, they drive organizations to improve their overall security posture. This holistic approach reduces the risk of a cyberattack (with the added benefit of a more affordable insurance premium).
Taking steps towards ZTA
It’s important for organizations to see any investment in cybersecurity as an investment in themselves in the long run. Taking shortcuts can’t be an option because it’s unsustainable in today’s digital environment.
The return on investment in cyber insurance can be significant – especially considering that the average cost of a data breach was $4.24 million USD in 2021. Use this as leverage when talking to your IT, security, finance, and compliance personnel about cybersecurity and insurance. Consider the following questions to develop a clear plan of action:
- What is the goal of your identity and access management (IAM) strategy?
- How does the plan incorporate ZTA that prevents illicit access?
- Has the organization done a digital identity maturity assessment? What were the findings?
- Do you have MFA in place? Or any other key components of ZTA, like PAM?
- What parts of your cyber strategy make you feel the least confident?
Collaborating across the organization enables a successful cyber security strategy. A strong ZTA framework will ensure your organization is able to thwart cyberattacks at a minimum level, while making it easier for you to invest in cyber insurance.