Navigating an increasingly challenging cyber insurance market
As organisations transition to remote or hybrid workforces, the digital attack surface widens immensely. This allows threat actors to target businesses with ransomware and other attacks more efficiently, demanding record-high payouts and inflicting significant business damage. According to the FBI, in 2021, the IC3 received 3,729 complaints identified as ransomware with adjusted losses of more than $49.2 million.1
Once a business has fallen victim to ransomware, its options diminish greatly. Forbes reported that in 2021, more than 60% of those hit by attacks paid the ransom.2 In addition to ransom payouts, cyber insurance providers frequently cover extensive costs for incident response, forensics, and notifications to affected individuals.
Challenges for a different reality
There is no silver bullet for predicting whether an organisation will be targeted by ransomware, as Coveware has reported that 55% of ransomware attacks targeted businesses with fewer than 100 employees.3
This has made it increasingly difficult for insurers to develop a risk assessment model for customers. Unlike life insurance, where insurers can draw from years of research to develop actuarial tables and make financially acceptable risk decisions based on medical tests and questionnaires, the reality is different for the cyber insurance sector.
As a result, cyber insurance customers are subjected to substantial increases in premiums along with sublimits for ransomware. A full understanding of the policy terms and conditions is critical to a comprehensive risk mitigation strategy.
Improving their risk assessment models
For cyber insurance providers and brokers, risk assessment starts with understanding customer security posture. This is gathered through questionnaires to gain insight into a business’ security configuration or external vulnerability scans.
Environments with disconnected products, understaffed teams, and diverse compliance and data protection regulations are most vulnerable. Trend Micro Research reported that approximately half of all serious incidents begin with the exploitation of unknown/unmanaged internet-facing assets, with the remaining 50% due to social engineering via phishing.
Trend Vision One™ unified cybersecurity platform includes market-leading capabilities for securing clouds, endpoints, email, networks, and IoT environments, with built-in security operation capabilities like XDR, risk insights, and more.
With visibility and continuous risk assessment across the organisation, organisations can adapt quickly to new business and compliance needs while helping to fulfill many cyber insurance requirements.
Breach Plan Connect (BPC) is a streamlined solution from NetDiligence® used to assist with managing cyber incident response.
It deploys a ready-to-use incident response plan that outlines precise steps, assigns roles, and details responsibilities in the event of a breach. This proactive approach can reduce the financial impact of data breach recovery as well as disruptions while maintaining compliance with regulatory obligations.
Questions that insurers will likely ask at renewal or initial application phase
In the current cyber insurance market, it’s important for businesses to be prepared, as some of the configurations that insurers require can take time to implement. Here are the most common insurance application questions related to Trend Micro solution configurations.
Why is this important?
Required by many insurers, MFA is an essential security control that slows attacker activity. It makes exploiting passwords obtained through phishing more challenging and credential dumping a less valuable tactic.
How to respond
If your organisation is using MFA for product, employee, and admin login to operating systems and applications (using one-time passwords for example), respond “yes”.
How Trend can help
While MFA is not a capability provided by Trend Micro, it is supported by our solutions. We strongly recommend that customers take advantage of this integration.
Why is this important?
Strong endpoint protection on employee endpoints and servers is paramount to slowing attackers and detecting early attack stages and impact phases (such as ransomware encryption). “Next-gen” modern endpoint protection uses behavioral detection, machine learning, and other non-signature techniques. Using signatures alone is an outdated approach, ineffective against modern attackers.
How to respond
Most endpoint protection solutions today qualify as “next-generation”. Trend Micro’s endpoint protection solutions support machine learning and behavioral detection, so you can certainly respond “yes” if these capabilities are enabled.
We also recommend ensuring that your products are up to date for optimal detection.
Insurance forms often list vendors, but don’t require you to deploy a vendor from the list. “Trend Micro” is an acceptable answer.
How Trend can help
Ensure that behavioral detection and machine learning features are enabled.
Why is this important?
EDR is an important capability enabling IT security teams and managed service providers to better detect attacker activity. EDR can help detect attackers in early stages when they are “living off the land.”
How to respond
With EDR activated on your endpoints, indicate “yes”. Trend Micro™ XDR deployed on endpoints is an EDR technology. Insurers have been inquiring about EDR coverage more often. Sometimes insurance forms list vendors, but they do not require you to deploy a vendor from the list. “Trend Micro” is an acceptable answer.
How Trend can help
Trend Micro provides optional EDR and XDR capabilities in its endpoint products:
Why is this important?
Overwhelmed security teams can overlook serious detections from endpoint protection and EDR solutions, allowing attackers to infiltrate your environment, or successfully complete attacks before the security team becomes aware. Insurers may want to assess your ability to respond to alerts or boost your security team with managed service providers.
How to respond
Using Trend Micro™ Managed XDR service (stand-alone or as part of Trend Micro Service One™) is worth highlighting on an insurance application. This is because it increases insurers’ confidence that alerts will be detected and then responded to quickly.
How Trend can help
Trend Micro Service One includes Trend Micro Managed XDR.
Why is this important?
Attackers are quick to take advantage of remotely exploitable vulnerabilities, gaining a foothold in your environment and leveraging vulnerabilities to move laterally in the environment. An effective vulnerability assessment program shows insurers that you can quickly detect and remediate serious vulnerabilities.
How to respond
Insurers are looking for the use of vulnerability assessment and management solutions as the primary response. Some Trend Micro solutions provide an additional layer of vulnerability mitigation through intrusion prevention technology on endpoints or at the network layer. This gives teams additional time to apply patches and strengthens the insurance application.
How Trend can help
Intrusion prevention technology is provided at the network layer by Trend Micro™ TippingPoint™ and is available as a configurable feature in Trend Micro Apex One™, Trend Micro Cloud One™ – Workload Security, and Trend Micro™ Deep Security™ Software.
Why is this important?
Data backup is an important defence against ransomware, reducing the time to recover business operations. Backup is not a 100% effective defence, as attackers can also exfiltrate data for leverage, or target backups for encryption.
How to respond
Insurers require a description of your backup strategy, which ideally includes offline/offsite backups that can’t be easily breached. Trend Micro™ Endpoint Security provides “rollback” of encrypted files as part of a behavioral detection by uncovering the encryption behavior for initial files, suspending the process, and restoring the files - a technique worth mentioning.
How Trend can help
Ransomware rollback capability is enabled in Trend Micro Endpoint Security when behavioral detection is enabled for the following:
Why is this important?
Phishing is a substantial attack vector for ransomware, business email compromise, and other serious attacks. Modern email security capabilities are an essential security control to detect these attacks before they reach endpoints.
How to respond
If you are employing email security gateways or API-based email security solutions connected to a cloud email service such as Microsoft 365, describe what is configured.
How Trend can help
Trend Micro™ Cloud App Security provides malicious attachment detection, internal email traffic and message analysis, and AI-powered writing style analysis. Trend Micro™ Email Security detects threats before they reach your environment. Trend Micro™ ScanMail for Microsoft Exchange, Trend Micro™ InterScan Mail Security Virtual Appliance, and Trend Micro™ Deep Discovery™ Email Inspector provide on-premises email security.