Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
February 16, 2023
Between perennially hiking premiums, unprecedented ransomware claims and new exceptions for state-sponsored attacks, the cyber insurance industry may be experiencing some growing pains. In addition, some insurance giants, including Lloyd’s of London, are now requiring global insurers to exclude state-backed cyber-attacks from their policies.
Forced to curb their own losses, cyber underwriters are discerning as ever in their coverage decisions, apt to outright decline policies for companies falling behind on modernization initiatives — including cybersecurity maturity. The effort to curb risk is massive and complicated.
However, good news comes to those who mitigate cyber risk proactively. With the right controls in place, organizations can not only secure cyber coverage, but ultimately see their premium rates go down. Ahead, we’ll cover the essential cybersecurity capabilities that today’s insurance carriers seek.
Amid record ransomware claims, it’s harder to find coverage today than any time in the 26 years since the first cyber liability policy was signed. This new reality, owing to a now-unpredictable threat landscape, reinforces that overarching business-security initiatives and cyber insurance plans should go hand in hand. The stronger its cybersecurity controls, the more likely a company will be able to obtain and maintain coverage while finding some possible relief from ever-rising premiums.
Fundamentally, multi-factor authentication (MFA) is considered mandatory for any organization to achieve baseline cybersecurity maturity because its use prevents between 80% and 90% of potential cyberattacks. The same holds true for web security, such as firewalls, as well as email filters that help prevent exposure to malicious files in the first place.
And while data backups are longstanding prerequisites for enterprises, simply having them in place is no longer adequate for security or business continuity purposes, let alone favorable underwriter decisions. A higher sophistication of cyber threats requires that backups now be secured, encrypted and tested continually. Moreover, evolved recovery solutions must not only secure an organization’s most crucial data, but its business-critical processes as well. Such upgrades, when paired with a customized and practiced cyber incident response plan, minimize the impact (and likely the claim amount) associated with attacks.
Building on core security controls, insurers also tend to favor companies with established privileged access management (PAM) and third-party risk management programs. While the former uses the concept of least privilege to govern access to data and systems, the latter ensures that vendor and supply chain vulnerabilities are mitigated, a notable safeguard considering that 17% of organizations in 2022 suffered a breach due to a compromised business partner. Both these controls, however, effectively contribute to lower cyber risk — and higher chances of getting coverage.
Other increasingly important controls for the post-COVID digital world, such as effective endpoint detection and response (EDR) programs, account for the widespread adoption of work-from-home and bring-your-own-device (BYOD) policies. The relatively new era of remote work also highlights a heightened need for network logging and monitoring via security information and event management (SIEM), which correlates data from several different tools in a given environment.
And finally, because 82% of breaches involve a human element, it’s imperative to require a cybersecurity awareness program for employees. This should include extensive training to contend with phishing attempts, which continue to be the attack vector of choice for financially motivated cybercriminals.
In closing, it’s best to be proactive with implementing the relevant, future-facing cybersecurity controls as cyber insurance finds its new footing. Reducing organizational risk will not only preempt evolving threats, but also help secure the ideal coverage when it’s needed most.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Let us know what you need, and we will have an Optiv professional contact you shortly.