Ransomware Defense and Helping Clients Evaluate Cyberliability Insurance Policies

Ransomware was all over the news this month. Ransomware defense is most effective when applied in layers. We work hard on managed antivirus, patching, firewalls, and staff training. For many years, we have offered ransomware-resistant backup, secure password storage, and multifactor authentication (MFA). Last year we began recommending Endpoint Detection and Response (EDR) solutions like SNAP-Defense. Cybercriminals are growing more sophisticated, and ransom payments accelerate their efforts.

Cyberliability insurance is an important layer to help you recover quickly in the event criminals evade other defenses. Insurance carriers have been taking a beating from criminals lately. When helping clients evaluate which cyberliability insurance policy is right for them, we are now seeing insurance carriers require that organizations implement both multifactor authentication (MFA) and Endpoint Detection and Response (EDR). Failure to have MFA and EDR lowers coverage limits and increases premiums. In many cases, carriers are declining to insure organizations that don’t use MFA and EDR. We expect this trend to continue.

Pegasus does not sell cyberliability insurance, and regardless of whether or not you choose to purchase insurance to protect your business, you should know that MFA and EDR have quickly become the new “must-have” technologies in standard cyberdefense playbooks. To put it another way, the actuaries at insurance carriers who look at the data on what defenses work today and which ones don’t have spoken. MFA and EDR are now required layers of cybersecurity defense.

When we investigate a policy with one of our clients, here are some of the things we think about:

  • When would the policy pay? For example:
    • Loss of income / business interruption?
    • Labor to remediate problem and restore operations?
    • Ransom?
    • Damaged reputation/brand?
    • Notification to affected people?
    • Credit protection/monitoring for affected people?
    • Legal response and defense?
    • Punitive / compensatory damages for affected people?
    • Telecom usage?
    • Cases of cryptolocked files?
    • Cases of extortion over release of sensitive data, communications, or photos?
  • How much would the policy pay?
  • Are there coverage limits in specific areas or under certain conditions?
  • Are we in compliance with the requirements of the policy, with accurate answers on the questionnaire and an up-to-date questionnaire?
  • Is there coverage for events prior to the policy period (full prior acts, FPA)?
  • Will known vulnerabilities be remediated before obtaining coverage?
  • Beware of contractual liability, e.g. indemnification agreements, business associate agreements (BAAs, which are common in healthcare), compliance surveys, and third-party handling of data.

Ransomware is a complicated and quick-moving area of concern, so we follow it closely. The next time you’re evaluating cyberliability insurance for your organization or if you just want to review your layers of defense, let us know how we can help.