Arctic Wolf Aims to Accelerate Cyberinsurance Assessments
Arctic Wolf is making available a tailored benchmark framework for vulnerability and insurability assessments to help cyberinsurers speed up evaluations and quickly determine whether organizations qualify for cyberinsurance.
The number of organizations that have taken out a cyberinsurance policy has risen sharply in the last two years as a wave of ransomware attacks wreaked havoc. Now, however, it’s become much tougher to qualify for cyberinsurance after carriers found themselves covering a staggering number of claims.
Scott Holewinski, senior vice president and general manager for incident response for Arctic Wolf, said even more challenging is the fact that many of the cybersecurity policies issued more than a year ago are now coming up for renewal. It’s likely that the next wave of more stringent cybersecurity requirements will result in denying renewal of many of those policies, he added.
Arctic Wolf’s Tetra Defense unit provides incident response services via a MyCyber Web platform to help businesses assess their cybersecurity posture. The same platform is also used by insurance carriers to assess an organization’s risk levels based on the cybersecurity tools and processes they have put in place. The additions to the MyCyber platform made this week establish a baseline of key security controls.
A recent survey conducted by Microsoft and Marsh, a global insurance broker, found 61% of respondents said their organization has some type of cyberinsurance coverage today. It’s unlikely a carrier will deny a claim unless there is an egregious fault such as, for example, not verifying that data has been backed up, said Holewinksi. However, it’s also probable that most cyberinsurance carriers will require that multifactor authentication (MFA) be implemented before they issue a policy, he added.
Arguably, cyberinsurance policies are starting to have a virtuous cycle effect on cybersecurity. Initially, they were seen as a lower-cost alternative to making investments to prevent cybersecurity attacks. However, as carriers become more aware of cybersecurity best practices, insurers are starting to require organizations to make those investments before granting a policy. Many organizations that previously only sought minimum compliance with a mandate are now being required to invest more in cybersecurity to qualify for insurance.
It’s too early to say how much the total cost of cyberinsurance might rise in the months ahead. However, the one thing that is certain is that attacks will increase in terms of both volume and sophistication. There are research efforts underway to employ machine learning algorithms to thwart ransomware attacks, but it may be many years before those efforts successfully prevent these types of attacks.
In the meantime, cybercriminal gangs are more organized than ever. Many of them now resemble a corporate entity, complete with paid vacations and bonus structures for employees. The days when the adversary was a handful of loosely affiliated miscreants are now long over, and cybercrime has become a multi-billion business in its own right.
